Improved script for user OTP generation, tested with pamtester
parent
5ca92a2c5e
commit
6084261943
27
bin/ovpn_otp_user
Executable file
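--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#
+# Generate OpenVPN users via google authenticator
+#
+
+if ! source "$OPENVPN/ovpn_env.sh"; then
+echo "Could not source $OPENVPN/ovpn_env.sh."
+exit 1
+fi
+
+if [ "x$OVPN_OTP_AUTH" != "x1" ]; then
+echo "OTP authentication not enabled, please regenerate configuration using -2 flag"
+exit 1
+fi
+
+if [ -z $1 ]; then
+echo "Usage: ovpn_otp_user USERNAME"
+exit 1
+fi
+
+# Ensure the otp folder is present
+[ -d /etc/openvpn/otp ] || mkdir -p /etc/openvpn/otp
+
+# Bin is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
+/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+"${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator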
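Review bot: The username in `$1` reaches the secret-file path on the last line unquoted and unvalidated, so a value containing `/`, `..` segments or whitespace can place the TOTP seed file outside `/etc/openvpn/otp` or split the `-s` argument. Restrict the name to a conservative character set before it is used, for example `case "$1" in ''|*[!A-Za-z0-9._-]*) echo "Usage: ovpn_otp_user USERNAME" >&2; exit 1;; esac`, and quote the path as `-s "/etc/openvpn/otp/${1}.google_authenticator"`. The emptiness test has the same quoting gap and should read `[ -z "$1" ]`. Separately, `mkdir -p` creates the seed directory with whatever umask is in effect; since it holds shared secrets, an explicit restrictive mode is worth setting, to the extent the PAM module's read access allows (that configuration is not visible on this page).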