smspasswd 0.1
smspasswd 0.1 Ranking & Summary
File size: 0.004 MB
Platform: Any Platform
License: GPL (GNU General Public License)
Price:
Downloads: 839
Date added: 2007-07-11
Publisher: ethings
smspasswd 0.1 description
smspasswd software provides two factor authentication via cell phone short message service (SMS). The reason I wrote this was because of all the pesky SSH brute force attacks, which continue to build in numbers. I didn’t want to waste money and time on using tokens because the few people who have accounts on my machines also have mobile phones.
I’m stoked that I have been using this since v0.1 back in 2005 and so far it’s worked very well with no changes. I’m hoping for feedback to get me motivated to develop this some more. Thanks to my good friend Solomon who has encouraged me to start posting some of my fun projects on the web.
Any feedback is more than welcome to ed -at- e-things.org.
How does this work?
The simple explanation for the average user goes a little like this. You use your normal password followed by a 6 digit number. To get access to a system you need to send an SMS from your pre-registered mobile phone number with a PIN. The systems admin folk will assign you a 4 digit PIN and give you the mobile number to send your login request to. So, when you want to log in, just send a text (SMS) to the phone number provided, with your 4 digit PIN. Shortly after, you will receive a 6 digit number in a text (SMS) to your phone. Then log in as normal using your normal password followed by the 6 digit number. You can use this same 6 digit number as many times as you like within a time period set by the systems admin folk. Simple, right? Ok then, perhaps not much more complex than a token?
Now for the spanner-head explanation. smspasswd is a Perl application that runs as a daemon. It uses a MySQL back-end database which stores the usernames, mobile numbers, PINs, passwords, tokens, and the amount of time each user's token (temporary x digit code) is valid for. smspasswd uses the information in the MySQL database to update your LDAP server based on a polling frequency you set in its config file. You can also set lots of other options in the config file and these are covered in the Features section below. smspasswd talks to an SMS gateway to send and receive new token requests. In my case it’s a cheap pre-paid Nokia 7110 connected to COM1 (/dev/ttys0) via gnokii.
The authentication process goes a little like this. The user sends an SMS to your gnokii phone with their PIN. Note the PIN is not really important because it will get saved in the user's SMS outbox, so it could just be “request” or “foobar”. What’s important is that the SMS must come from the correct number for that user, and even if this could be spoofed, the reply will still go to the user's mobile number in the database anyway. Then smspasswd checks the database for the user's mobile phone number and if it finds a match it will send an x digit code to the number registered for that user. At this point the password for this user will be updated in the local LDAP server with their normal password, followed by their new x digit code. Once the user has the SMS with the new code they can log in.
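The flow described above, modelled in Python as an added example (this is not smspasswd's own Perl code): dictionaries stand in for the MySQL table and the LDAP server, the SMS body is ignored in line with the remark that the PIN is not important, and the function names, the sample user and the choice to reject logins once the code has expired are assumptions.

```python
import hmac
import secrets
import time

# Constructed sample record standing in for the MySQL user table (hypothetical values).
USERS = {"alice": {"mobile": "+15550100", "password": "correct horse", "ttl": 600}}
# Stand-in for the LDAP server: username -> (normal password + code, expiry time).
DIRECTORY = {}


def new_code(digits=6):
    """Return an x-digit code from the OS CSPRNG, zero-padded to a fixed length."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def handle_sms(sender, now=None):
    """Handle one incoming request SMS; return (reply_number, code) or None."""
    now = time.time() if now is None else now
    for username, user in USERS.items():
        if user["mobile"] == sender:
            code = new_code()
            DIRECTORY[username] = (user["password"] + code, now + user["ttl"])
            # The reply goes to the number on file, never to one named in the message.
            return user["mobile"], code
    return None  # unregistered sender: no code issued, no reply sent


def check_login(username, supplied, now=None):
    """Accept only the normal password followed by an unexpired code."""
    now = time.time() if now is None else now
    entry = DIRECTORY.get(username)
    if entry is None or now >= entry[1]:
        DIRECTORY.pop(username, None)  # assumption: an expired code locks the account
        return False
    return hmac.compare_digest(supplied.encode(), entry[0].encode())


if __name__ == "__main__":
    number, code = handle_sms("+15550100")
    print("code sent to", number)
    print("password + code accepted:", check_login("alice", "correct horse" + code))
    print("password alone accepted:", check_login("alice", "correct horse"))
```

Because the code is reusable until it expires, anyone who learns both the password and the current code within that window can log in, so the per-user validity period is the setting that bounds the exposure.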
You should set up your systems and applications for LDAP authentication, and if you wish you can configure your FreeRADIUS server to authenticate via OpenLDAP. Or you can use some commercial LDAP or RADIUS system. FreeRADIUS and OpenLDAP work just fine for me.
Confused? Drop me an email and I’ll make a nice diagram with Dia.
Features
Here’s the config file, and check the source.
##################################################
# smspasswd config file
#
##################################################
# minimum password length
#
minPasswordLength 6
# minimum username length
#
minUsernameLength 2
# minimum PIN length
#
minPinLength 4
# database options
#
dbName smspasswd
dbUsername smspasswd
dbPassword [enter the database users password here]
dbHostname localhost
dbPort 3306
dbEncryptionKey [enter a very long and random string here]
# gnokii options
#
gnokii /usr/local/bin/gnokii
gnokiiMailBox IN
# Check interval. This is the amount of time to
# wait between incoming SMS checks in seconds as
# well as user timeout checks
#
checkInterval 15
# LDAP server option
#
ldapServer localhost
ldapBindDn cn=Manager,dc=yourdomain,dc=com
ldapPassword [enter your LDAP users password here]
ldapBiseDn ou=People,dc=yourdomain,dc=com
# Email notification for non pin request SMS messages
# This is very useful if you would like to be emailed
# the ‘your pre-paid account is about to expire’ messages.
# Note: PIN requests will not be emailed.
#
emailNotify yes
emailToAddress root@localhost
emailFromAddress root@localhost
emailSubject SMS notification from smspasswd