1

Is it possible for PAM to remember that a second factor authentication has passed for a short period of time, e.g. an hour? This would have to be keyed to a user and IP address.

For example:

  • Log in as tom from 1.2.3.4, password, 2FA, logged in.
  • Log in as tom from 1.2.3.4, password, logged in.
  • Log in as tom from 1.2.3.4, public key auth, logged in.
  • Log in as tom from 200.2.3.4, public key auth, 2FA, logged in.
  • Wait an hour, log in as tom from 1.2.3.4, public key auth, 2FA, logged in.
gak
  • 743
  • 1
  • 9
  • 23

0 Answers0