16 Nov 2012 yeupou   » (Master)

Providing temporary password access over http

I’m not exactly proud of this one in many regards (security, for instance), but it was actually something needed by a relative who, from time to time, goes to some random shop to print PDFs. Having to put them on a device like a USB key or hard disk is something of a nuisance, especially when your own workstation is behind a static IP.

The way it works is that it asks you for a password. If you have none, then it’ll send you a random one by mail. This password will be erased after an hour.

Security notes: this could be subject to packet sniffing, so I don’t suggest using it as is for any sensitive data. It can easily be improved with regard to security depending on the end user you’re targeting; in my case it had to remain as basic as possible. It logs everything, so fail2ban and other tools can easily be set in motion.

It’s composed of a Perl script, a cronjob and an nginx example config file. The Perl script asks the user for a valid user name and sets up the temporary access accordingly. The cronjob is used to reset passwords. The sample nginx config shows how to run the Perl script as the appropriate error page and how to provide access either by basic auth or by IP.
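The issue-then-expire cycle described above, as an added example in Python; it is not the project's Perl script or cronjob. The function names, the `{SSHA}` hash scheme (one of the formats nginx accepts in `auth_basic_user_file`) and keeping the issue time in the passwd file's comment field are assumptions, and mailing the returned password is left to the caller.

```python
import base64, hashlib, hmac, os, re, secrets, tempfile, time

TTL = 3600  # seconds; the post erases passwords after an hour
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # keeps ':' and newlines out of the file

def ssha(password, salt=None):
    """RFC 2307 {SSHA} (salted SHA-1); tolerable only for random, short-lived passwords."""
    salt = salt or secrets.token_bytes(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check(hashed, password):
    raw = base64.b64decode(hashed[len("{SSHA}"):])  # 20-byte digest, then the salt
    return hmac.compare_digest(ssha(password, raw[20:]), hashed)

def load(path):
    """Return {user: (hash, issued_at)}; issued_at sits in nginx's comment field."""
    entries = {}
    if os.path.exists(path):
        with open(path) as fh:
            for line in fh:
                user, hashed, issued = line.strip().split(":")
                entries[user] = (hashed, int(issued))
    return entries

def save(path, entries):
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created mode 0600
    with os.fdopen(fd, "w") as fh:
        for user, (hashed, issued) in sorted(entries.items()):
            fh.write(f"{user}:{hashed}:{issued}\n")
    os.replace(tmp, path)  # atomic rename: nginx never reads a half-written file

def issue(path, user, now=None):
    """Create or replace the user's temporary password; return it for mailing."""
    if not USER_RE.fullmatch(user):
        raise ValueError("invalid user name")
    password = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
    entries = load(path)
    entries[user] = (ssha(password), int(time.time() if now is None else now))
    save(path, entries)
    return password

def purge(path, now=None):
    """Cron entry point: drop entries older than TTL and return the removed users."""
    now = time.time() if now is None else now
    entries = load(path)
    expired = sorted(u for u, (_, t) in entries.items() if now - t >= TTL)
    if expired:
        save(path, {u: e for u, e in entries.items() if u not in expired})
    return expired
```

Only the hash reaches the disk, and a cron line calling `purge` every few minutes bounds how long an entry outlives its hour.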

Install guide from the README:

1) It assumes your nginx supports perl like in
http://nginxlibrary.com/perl-fastcgi/:

apt-get install nginx libfcgi-perl wget
wget http://nginxlibrary.com/downloads/perl-fcgi/fastcgi-wrapper -O /usr/bin/fastcgi-wrapper.pl
wget http://nginxlibrary.com/downloads/perl-fcgi/perl-fcgi -O /etc/init.d/perl-fcgi
chmod +x /usr/bin/fastcgi-wrapper.pl
chmod +x /etc/init.d/perl-fcgi
update-rc.d perl-fcgi defaults
insserv perl-fcgi

2) Copy and edit the nginx sample and crontab sample into the appropriate places:
- something like /etc/nginx/sites-available/transit symlinked to /etc/nginx/sites-enabled
- /etc/cron.d/transit

3) Then you must create a group named transit and add to it users that
are entitled to use this.

4) You must also make sure nginx (www-data?) can write to the directory where
you store the .passwd file. In the default case here, it’s /etc/nginx/passwd/


Syndicated 2012-11-16 14:35:14 from # cd /scratch
