From 608426194352e0e24784aecd8ff964a4e2758f1a Mon Sep 17 00:00:00 2001
From: Fabio Napoleoni
Date: Sat, 6 Feb 2016 21:31:08 +0100
Subject: [PATCH] Improved script for user OTP generation, tested with pamtester
---
bin/ovpn_otp_user | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100755 bin/ovpn_otp_user
diff --git a/bin/ovpn_otp_user b/bin/ovpn_otp_user
new file mode 100755
index 0000000..090d7ac
--- /dev/null
+++ b/bin/ovpn_otp_user
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#
+# Generate OpenVPN users via google authenticator
+#
+
+if ! source "$OPENVPN/ovpn_env.sh"; then
+ echo "Could not source $OPENVPN/ovpn_env.sh."
+ exit 1
+fi
+
+if [ "x$OVPN_OTP_AUTH" != "x1" ]; then
+ echo "OTP authentication not enabled, please regenerate configuration using -2 flag"
+ exit 1
+fi
+
+if [ -z $1 ]; then
+ echo "Usage: ovpn_otp_user USERNAME"
+ exit 1
+fi
+
+# Ensure the otp folder is present
+[ -d /etc/openvpn/otp ] || mkdir -p /etc/openvpn/otp
+
+# Bin is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
+/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+ "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
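Review bot: The username from `$1` reaches the secret path on the last line unquoted and unvalidated (`-s /etc/openvpn/otp/${1}.google_authenticator`), so a name containing `/`, `..` or whitespace would place the TOTP seed outside the otp folder or be split into extra arguments; the `[ -z $1 ]` test has the same quoting gap. I would quote both uses and reject names outside a conservative character set before calling google-authenticator; the set below is a suggestion and should match the names the deployment really issues. Separately, `--force` overwrites an existing seed without asking, and the otp folder is created with the default umask although it holds shared secrets, so `mkdir -p -m 700` may be appropriate if the PAM module reads it as root, which the hunk does not show.

```shell
if [ -z "$1" ]; then
    echo "Usage: ovpn_otp_user USERNAME"
    exit 1
fi

# Keep the secret file inside /etc/openvpn/otp: refuse names with path
# separators, a leading dot or dash, whitespace or shell metacharacters.
case "$1" in
    [.-]*|*[!A-Za-z0-9._-]*)
        echo "Invalid username: use only letters, digits, '.', '_' and '-'"
        exit 1
        ;;
esac

# … unchanged: otp folder creation …

/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
    "${1}@OpenVPN" -s "/etc/openvpn/otp/${1}.google_authenticator"
```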