Project

ga_verify

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
Provides a unix socket for validating tokens
 Dependencies

Runtime

~> 1.3.0
~> 0.6.0
 Project Readme

Overview

This is:

  • a Thrift daemon for validating Google Authenticator tokens

  • a Ruby client

  • an example client

It is easy to create a client in any language supported by Apache Thrift.

Usage

Assuming google-authenticator is set up, as root:

bin/ga-verifyd &
chmod 777 /var/run/ga_verifyd.sock

Then as an unprivileged user:

bin/ga-verify fred 123456

bin/ga-verify is a small example client.

Getting it

git clone git://github.com/fredemmott/ga-verify.git

or

gem install ga_verify

Security

The main goal is to let untrusted processes check Google Authenticator tokens without giving them permission to read the Google Authenticator files.

Also consider:

  • 1 token past or previous is allowed

  • Tokens cannot be re-used within 10 minutes; after that amount of time, they would be invalid anyway

  • It currently only supports running on a unix socket, not TCP
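The window and re-use rules above can be sketched as follows. This is an added example, not code from ga_verify: the TokenVerifier class is hypothetical, the secret is passed as raw bytes rather than read from the Google Authenticator files, and the window is assumed to mean one 30-second step either side of the current one.

```ruby
require 'openssl'

# Added example: TOTP check with a +/-1 step window and a replay cache.
class TokenVerifier
  STEP = 30         # seconds per TOTP step (RFC 6238 default)
  WINDOW = 1        # assumption: one step either side of the current one
  REUSE_TTL = 600   # 10 minutes, as stated in the README

  def initialize(secrets)
    @secrets = secrets   # user => raw secret bytes (constructed sample data)
    @used = {}           # [user, code] => time the code was accepted
  end

  # RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
  def hotp(secret, counter)
    mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>')).bytes
    offset = mac[-1] & 0x0f
    bin = ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) |
          (mac[offset + 2] << 8) | mac[offset + 3]
    format('%06d', bin % 1_000_000)
  end

  # Compare two equal-length strings without an early exit on mismatch.
  def same?(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def verify(user, code, now = Time.now.to_i)
    secret = @secrets[user]
    return false unless secret && code.is_a?(String) && code.match?(/\A\d{6}\z/)
    @used.delete_if { |_, at| now - at >= REUSE_TTL }   # expire old entries
    return false if @used.key?([user, code])            # re-use is rejected
    counter = now / STEP
    # Evaluate every step in the window before deciding.
    ok = (-WINDOW..WINDOW).map { |d| same?(hotp(secret, counter + d), code) }.any?
    @used[[user, code]] = now if ok
    ok
  end
end
```

The replay entry is recorded only on success, so a mistyped code does not block a later correct one.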

Shortcomings

It merely checks the code is valid given the above constraints. It does not currently use Google’s PAM implementation, so it supports none of the following:

  • scratch codes

  • per-user retry and re-use settings

Copying

See the COPYING file.