How PAM determines system password and 2FA OTP2019 Community Moderator ElectionWhat does “Cannot make/remove an entry for the specified session” mean?ACL for a binddn user for PAM?Unable to login with password as well as otp in pam moduleUsing pam_listfile.so with radius authenticationCalling a password checking command from PHP using exec() - how to escape user input?389 ldap client authentication issue [CENTOS 7]Disable password complexity check (PAM)PAM: Authentication failure, with valid passwordUbuntu 16 Sudo SU Incorrect Password AttemptsAbout PAM authentication using sssd

Calculating the number of days between 2 dates in Excel

How do ultrasonic sensors differentiate between transmitted and received signals?

What is the opposite of 'gravitas'?

Pronouncing Homer as in modern Greek

Is there a problem with hiding "forgot password" until it's needed?

Meta programming: Declare a new struct on the fly

Is exact Kanji stroke length important?

Are taller landing gear bad for aircraft, particulary large airliners?

Can somebody explain Brexit in a few child-proof sentences?

Is it okay / does it make sense for another player to join a running game of Munchkin?

In Star Trek IV, why did the Bounty go back to a time when whales were already rare?

What does the "3am" section means in manpages?

Is there enough fresh water in the world to eradicate the drinking water crisis?

Is there a good way to store credentials outside of a password manager?

Why isn't KTEX's runway designation 10/28 instead of 9/27?

How to check participants in at events?

Greatest common substring

Reply ‘no position’ while the job posting is still there (‘HiWi’ position in Germany)

Blender - show edges angles “direction”

What is the term when two people sing in harmony, but they aren't singing the same notes?

How do I repair my stair bannister?

Is infinity mathematically observable?

Is the next prime number always the next number divisible by the current prime number, except for any numbers previously divisible by primes?

The most efficient algorithm to find all possible integer pairs which sum to a given integer



How PAM determines system password and 2FA OTP



2019 Community Moderator ElectionWhat does “Cannot make/remove an entry for the specified session” mean?ACL for a binddn user for PAM?Unable to login with password as well as otp in pam moduleUsing pam_listfile.so with radius authenticationCalling a password checking command from PHP using exec() - how to escape user input?389 ldap client authentication issue [CENTOS 7]Disable password complexity check (PAM)PAM: Authentication failure, with valid passwordUbuntu 16 Sudo SU Incorrect Password AttemptsAbout PAM authentication using sssd










0















I configured freeradius+google auth otp



Below are content of /etc/pam.d/radiusd



auth requisite pam_google_authenticator.so 
forward_pass auth required pam_unix.so use_first_pass


I was wondering how pam differentiates systempassword and otp code "s3cretpAss77123456" and use to authenticate against correct password combination since there are not delimiters in between those two passwords.






linux pam google







share|improve this question




























    0















    I configured freeradius+google auth otp



    Below are content of /etc/pam.d/radiusd



    auth requisite pam_google_authenticator.so 
    forward_pass auth required pam_unix.so use_first_pass


    I was wondering how pam differentiates systempassword and otp code "s3cretpAss77123456" and use to authenticate against correct password combination since there are not delimiters in between those two passwords.






    linux pam google







    share|improve this question


























      0












      0








      0








      I configured freeradius+google auth otp



      Below are content of /etc/pam.d/radiusd



      auth requisite pam_google_authenticator.so 
      forward_pass auth required pam_unix.so use_first_pass


      I was wondering how pam differentiates systempassword and otp code "s3cretpAss77123456" and use to authenticate against correct password combination since there are not delimiters in between those two passwords.






      linux pam google







      share|improve this question
















      I configured freeradius+google auth otp



      Below are content of /etc/pam.d/radiusd



      auth requisite pam_google_authenticator.so 
      forward_pass auth required pam_unix.so use_first_pass


      I was wondering how pam differentiates systempassword and otp code "s3cretpAss77123456" and use to authenticate against correct password combination since there are not delimiters in between those two passwords.






      linux pam google




      linux pam google






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 days ago







      satch_boogie

















      asked Mar 22 at 17:05









      satch_boogiesatch_boogie

      165213




      165213




















          1 Answer
          1






          active

          oldest

          votes


















          0














          The Google authentication modifies the password. The codes are a fixed length so it can strip the correct number of characters from the password when it authenticates the code. This way other modules are never confused by seeing the extra characters.



          The password is then passed to other modules without the code appended.



          PAM itself has no idea that there are two passwords in the same string.






          share|improve this answer























          • am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

            – satch_boogie
            Mar 22 at 17:56











          • Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

            – nwildner
            Mar 22 at 18:02










          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508033%2fhow-pam-determines-system-password-and-2fa-otp%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          The Google authentication modifies the password. The codes are a fixed length so it can strip the correct number of characters from the password when it authenticates the code. This way other modules are never confused by seeing the extra characters.



          The password is then passed to other modules without the code appended.



          PAM itself has no idea that there are two passwords in the same string.






          share|improve this answer























          • am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

            – satch_boogie
            Mar 22 at 17:56











          • Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

            – nwildner
            Mar 22 at 18:02















          0














          The Google authentication modifies the password. The codes are a fixed length so it can strip the correct number of characters from the password when it authenticates the code. This way other modules are never confused by seeing the extra characters.



          The password is then passed to other modules without the code appended.



          PAM itself has no idea that there are two passwords in the same string.






          share|improve this answer























          • am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

            – satch_boogie
            Mar 22 at 17:56











          • Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

            – nwildner
            Mar 22 at 18:02













          0












          0








          0







          The Google authentication modifies the password. The codes are a fixed length so it can strip the correct number of characters from the password when it authenticates the code. This way other modules are never confused by seeing the extra characters.



          The password is then passed to other modules without the code appended.



          PAM itself has no idea that there are two passwords in the same string.






          share|improve this answer













          The Google authentication modifies the password. The codes are a fixed length so it can strip the correct number of characters from the password when it authenticates the code. This way other modules are never confused by seeing the extra characters.



          The password is then passed to other modules without the code appended.



          PAM itself has no idea that there are two passwords in the same string.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 22 at 17:21









          Philip CoulingPhilip Couling

          2,2821022




          2,2821022












          • am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

            – satch_boogie
            Mar 22 at 17:56











          • Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

            – nwildner
            Mar 22 at 18:02

















          • am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

            – satch_boogie
            Mar 22 at 17:56











          • Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

            – nwildner
            Mar 22 at 18:02
















          am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

          – satch_boogie
          Mar 22 at 17:56





          am i correct if i understand like this - ' the google pam module strips the last 6 chars from password+otp combination ...and rest of things in authentication continue'

          – satch_boogie
          Mar 22 at 17:56













          Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

          – nwildner
          Mar 22 at 18:02





          Almost right. It does some verification agains 8 digit by trying both. Take a look at github.com/google/google-authenticator-libpam/blob/master/src/…

          – nwildner
          Mar 22 at 18:02

















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508033%2fhow-pam-determines-system-password-and-2fa-otp%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -google, linux, pam
          -

          Popular posts from this blog

          Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

          Image
          Apollo command module space walk? prime numbers and expressing non-prime numbers Can a non-EU citizen traveling with me come with me through the EU passport line? Extract all GPU name, model and GPU ram How to deal with a team lead who never gives me credit? Why was the term "discrete" used in discrete logarithm? Why do we bend a book to keep it straight? When do you get frequent flier miles - when you buy, or when you fly? How come Sam didn't become Lord of Horn Hill? At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan? Is it true that "carbohydrates are of no use for the basal metabolic need"? Using et al. for a last / senior author rather than for a first author How to tell that you are a giant? How to react to hostile behavior from a senior developer? String `!23` is replaced with `docker` in command line How to find out what spells would be useless to a blind NPC sp...
          Read more

          fontconfig warning: “/etc/fonts/fonts.conf”, line 100: unknown “element blank” The 2019 Stack Overflow Developer Survey Results Are In“tar: unrecognized option --warning” during 'apt-get install'How to fix Fontconfig errorHow do I figure out which font file is chosen for a system generic font alias?Why are some apt-get-installed fonts being ignored by fc-list, xfontsel, etc?Reload settings in /etc/fonts/conf.dTaking 30 seconds longer to boot after upgrade from jessie to stretchHow to match multiple font names with a single <match> element?Adding a custom font to fontconfigRemoving fonts from fontconfig <match> resultsBroken fonts after upgrading Firefox ESR to latest Firefox

          Image
          How to type this arrow in math mode? Multiply Two Integer Polynomials What do hard-Brexiteers want with respect to the Irish border? Why isn't the circumferential light around the M87 black hole's event horizon symmetric? For what reasons would an animal species NOT cross a *horizontal* land bridge? Can one be advised by a professor who is very far away? Identify boardgame from Big movie slides for 30min~1hr skype tenure track application interview Why do we hear so much about the Trump administration deciding to impose and then remove tariffs? If I score a critical hit on an 18 or higher, what are my chances of getting a critical hit if I roll 3d20? Can we generate random numbers using irrational numbers like π and e? Worn-tile Scrabble Output the Arecibo Message What is the meaning of Triage in Cybersec world? How are circuits which use complex ICs normally simulated? Shouldn't "much" here be used instead of "more"? Dele...
          Read more

          Shilpa Shastras Contents Description In painting In carpentry In metallurgy Shilpa Shastra education in ancient India Treatises on Shilpa Shastras See also References Further reading External links Navigation menueOverviewTraditions of the Indian Craftsman251930242ŚilpinŚilpiniTraditions of the Indian CraftsmanThe Technique of Wall Painting in Ancient IndiaEssay on the Architecture of the HindusThe Journal of the Society of Arts10.1007/s11837-998-0378-3The role of India in the diffusion of early culturesTraditions of the Indian CraftsmanAn Encyclopedia of Hindu ArchitectureBibliography of Vastu Shastra Literature, 1834-2009The Technique of Wall Painting in Ancient India4483067Les lapidaires indiens

          Image
          Hindu textsHindu architectureIndian architectural historyIndian iconography SanskritHindu textsHindu iconographyMonier-WilliamsVastu ShastrasVishvakarmaHindu templecupolacrucibleblowerpanchadhatuashtadhatuIron Pillar of DelhiParasharadharmaPurusha Shilpa Shastra Temples Carpentry Sculpture 1st century BC jewelry Shilpa Shastras are ancient texts that describe design and principles for a wide range of arts and crafts. [1] Part of a series on Hinduism Hindus History Origins History Indus Valley Civilisation Historical Vedic religion Śramaṇa Tribal religions in India Main traditions Vaishnavism Shaivism Shaktism Smartism Deities Trimurti Brahma Vishnu Shiva Other major Devas / Devis Vedic Indra Agni Prajapati Rudra Devi Saraswati Ushas Varuna Vayu Post-Vedic Durga Ganesha Hanuman Kali Kartikeya Krishna Lakshmi Parvati Radha Rama Shakti Sita Concepts Worldview Hindu cosmology Puranic chronology Hindu mythology Supreme Reality Brahman Om God Ishvara God in Hinduism God and ...
          Read more