files/2fa/pam_url.conf.cloud


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

pam_url:
{
	settings:
	{
		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
		userfield = "user";				# userfield name to send
		passwdfield = "token";				# passwdfield name to send
		extradata = "&do=login";			# extradata to send
		prompt = "Password+Token: ";			# password prompt
	};

	ssl:
	{
		verify_peer = true;				# Should we verify SSL ?
		verify_host = true;				# Should we verify the CN in the SSL cert?
		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
	};
};