Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about Linux Token how to carry out one-time password authentication, many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

1. What is Token?

Token (token) is an authentication identity, token also has a feature, that is, there is an expiration time. That is, tokens are not valid for a long time.

two。 Why use tokens?

We usually need temporary or disposable authentication.

3. When can I use token technology?

For example, we go to a restaurant, get the Wifi password from the front desk, and then enjoy 30 minutes of Internet service. The password will expire after 30 minutes.

Our company has many servers, password management is very troublesome, sometimes there will be personnel changes, once the personnel change, all server passwords need to be changed, very troublesome, occasionally omitted to change the situation, the use of fortress machine can better manage passwords, but the cost is very expensive.

So I think of Token technology, but it costs a lot of money to buy Token hardware. I am very clear about the principle of Token. By calculating the same peer key through a symmetric algorithm, we can develop our own mobile devices without buying hardware devices, so we can develop a mobile version of Token***.

4. Where is the Token application of this article?

I use Token technology to realize the password cycle change of Linux specified users, and take time as the basis, the mobile phone synchronizes the password on the server. In order to prevent the password from being exhausted, I added 4 interfering characters.

If you feel insecure about the strength of the cryptographic algorithm, you can modify the complexity yourself.

You can also change your password remotely without saying much.

5. Who will deploy?

First, the administrator deploys the password modification program chpasswd.sh, and then adds it to crontab to run regularly. Considering the uneven level of readers, I use shell to do it, so that most readers can understand it.

# cat chpasswd.sh #! / bin/bash datetime= `date +% Y-%m-%d "% H": "% M` email=" neo.chan@live.com "# password=$ (cat / dev/urandom | tr-cd [: alnum:] | fold-W30 | head-n 1) string=$ (date-u" +% Y$1%m$2%d$3%H$4%M ") password=$ (echo $string | md5sum | cut-c 2-9 | base64 | tr-d" = "| cut-c 1- 32) echo $password > ~ / .lastpasswd echo $password | passwd www-- stdin > / dev/null

* one time password is saved in lastpasswd

Crontab setting to change the password every minute.

# crontab-l * / 1 * / root/chpasswd.sh ab c d

A b c d can be set by itself, which is the same as that of mobile phone.

At this point, the server side configuration is complete.

6. Mobile configuration

Install Token.apk files to your phone

Https://github.com/oscm/Token

6.1. Set password

Confirm password

Select environment

Set interference code

6.2. View server password

6.3. Set refresh time

By default, it will be refreshed once every minute, and the password may be updated before you have time to enter it.

If you modify this item, the settings in the server-side crontab can be changed synchronously.

After reading the above, do you have any further understanding of how Linux Token carries out one-time password authentication? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.