Authentication based on return value of external program?

Nick Owen nowen at wikidsystems.com
Sat Jan 28 13:14:15 UTC 2006


Steffen Weber wrote:
> Hello,
> 
> I'm wondering whether there exists a module that makes it possible to
> grant authentication based upon the return value of an external program.
> 
> I know that in general it is not such a great idea to rely upon an
> external program, but for non-critical services like for example FTP
> being able to implement the authentication backend in PHP, Python or
> whatever would be great.
> 
> Steffen

Steffen:

I'm not 100% sure I understand your question, but this is essentially
what we do with our strong authentication system. It is a software
token, but unlike most, it uses public key encryption to send a PIN to
the authentication server. If the PIN, encryption and account check out,
a one-time passcode is generated and returned to the user.  We have done
a number of how-tos that use PAM to authenticate users to webmail,
FreeNX, SSH, OpenVPN, etc. - all the usual suspects. We have support
for PHP, Python, Ruby, Java, TACACS+, LDAP, etc.  All are available at
the sourceforge site: http://sourceforge.net/projects/wikid-twofactor/.

The open source release is very Red Hat/Fedora-oriented at this time.
We're working on making it less so.

What do you mean by 'not such a great idea'? I would think that, for
example, by using public/private keys and validating the second factor
(the PIN) on a secure, remote server that it is more secure than using
just public keys, which might not be secured by a password.

HTH,

Nick

-- 
Nick Owen
WiKID Systems, Inc.
Open Source Two-factor Authentication
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
http://sourceforge.net/projects/wikid-twofactor/




More information about the Pam-list mailing list