Improved script for user OTP generation, tested with pamtester

2016-02-06 21:31:08 +01:00 · 2016-02-06 21:31:08 +01:00 · 6084261943
commit 6084261943
parent 5ca92a2c5e
1 changed files with 27 additions and 0 deletions
--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
@ -0,0 +1,27 @@
+#!/bin/bash
+
+#
+# Generate OpenVPN users via google authenticator
+#
+
+if ! source "$OPENVPN/ovpn_env.sh"; then
+    echo "Could not source $OPENVPN/ovpn_env.sh."
+    exit 1
+fi
+
+if [ "x$OVPN_OTP_AUTH" != "x1" ]; then
+    echo "OTP authentication not enabled, please regenerate configuration using -2 flag"
+    exit 1
+fi
+
+if [ -z $1 ]; then
+    echo "Usage: ovpn_otp_user USERNAME"
+    exit 1
+fi
+
+# Ensure the otp folder is present
+[ -d /etc/openvpn/otp ] || mkdir -p /etc/openvpn/otp
+
+# Bin is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
+/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+    "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator