Skip to content

A PAM module to use a bitcoin address for credentials

License

Notifications You must be signed in to change notification settings

lohanspies/libpam-bitid

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

libpam-bitid

A PAM module to use a bitcoin address for credentials.

This module is an implementation of the BitID protocol.

Currently only console and telnet login are supported.

Download

Current release:

Releases are archived in the git repository:

Requires

  • autoconfig
  • libtool

Build

  1. git clone https://github.com/angrycod/libpam-bitid.git
  2. cd libpam_bitid
  3. ./autogen.sh
  4. ./configure --prefix=/usr
  5. make

Install

  1. sudo make install
  2. sudo cp examples/bitid.access /etc/bitid.access
  3. sudo vi /etc/pam.d/login Edit to add the lines from examples/login.diff

Ubuntu/debian install

  1. sudo dpkg -i libpam-bitid_0.1.0_amd64.deb

Configuration

vi /etc/bitid.access Edit to include your list of allowed address/username pairs

# bitid.access:
# List of users allowed access using login by bitcoin address
#
# format:
# bitcoin-address, username
1DvRd44mD8EuCcym8zymYzabvmozwZ5r8G, btctest

vi /etc/pam.d/login Edit to allow bitid login using telnet:

Add this line at the very top: auth optional pam_bitid.so file=/etc/bitid.access

And comment out this line: # @include common-auth

If common-auth is still enabled then pam will try and do a unix login after doing the bitid login.

Logs

Check /var/log/auth.log on Ubuntu for output of libpam-bitid module.

Upon successful bitid authentication you will see messages from pam_bitid.

pam_bitid(login:auth): user: btctest allowed access from: 1DvRd44mD8EuCcym8zymYzabvmozwZ5r8G

Testing example configuration

It's clunky, but for testing this select the address in electrum and sign the challenge message provided by the pam-bitid login with that.

To get a login prompt, telnet 127.0.0.1 and then enter your bitcoin address.

$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Ubuntu 14.04.1 LTS
bitcoin address: 1DvRd44mD8EuCcym8zymYzabvmozwZ5r8G
challenge message: dbcbd542b29a3c4298651035ae6eaed3
signature: HE8DDp4eAEy61417XTPAQTOqPBcLP2h0Y0sTB9hfFILCv8ZpLzdH6dh/z6+o7A4VwwjM1Qq2SFVcgyf7U51JhdE=
Last login: Wed May 21 18:42:01 PDT 2014 from localhost on pts/17
Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-12-generic x86_64)
 
btctest:~$

Notes:

  • Signatures are in electrum format, so signature will not be valid if using another format. Many clients use the electrum format, so clients other than electrum may work okay.

References

Credits

Jay Schulist [email protected]

About

A PAM module to use a bitcoin address for credentials

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 75.4%
  • M4 23.2%
  • Makefile 1.3%
  • Shell 0.1%