Introduction: Sudo Authentication Via Old Phone Dial Pad
This project is about making an alternate authentication method for sudo running on Linux systems, using an Arduino with a dial pad from an old phone.
Step 1: Hardware
Normally the dial pad used in this project has four terminals. One pair is a normally open switch that closes when the dial is off the initial position; the second pair is normally closed and opens on each pulse.
The schematic consists of only three simple pull-up resistor connections like this one.
VCC - R(100Ohm) - ARDUINO PIN - SWITCH - GND
The third one is used for a switch to manually tell the Arduino to send the data to the computer.
Step 2: Software
The software part of this project has two parts:
1) An Arduino sketch to interface between the dial pad and the PC via serial comm
2) A small shell script that reads the dialed number and compares it against the stored password.
On Linux, authentication is handled by PAM modules, which are executed according to predefined rules defined in /etc/pam.conf and /etc/pam.d/
To enable the authentication, just add the following line at the beginning of /etc/pam.d/sudo :
auth sufficient pam_exec.so /PATH TO SCRIPT/serial_auth
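A sketch of what such a script could look like, as an added example rather than the author's serial_auth: pam_exec treats exit status 0 as success, and with "sufficient" a non-zero exit falls through to the rest of the sudo stack. The device node, baud rate, hash file path and the newline-terminated digit format are assumptions.

```shell
#!/bin/sh
# Added example (not the author's serial_auth): helper for pam_exec.
# Assumed: device node, 9600 baud, hash file path, newline-terminated digits.
SERIAL_DEV="${SERIAL_DEV:-/dev/ttyACM0}"
HASH_FILE="${HASH_FILE:-/etc/dialpad_auth.sha256}"   # root-owned, mode 0600, "salt:hexdigest"

# Print the salted SHA-256 of a dialed code. $1 = salt, $2 = code
hash_code() {
    printf '%s:%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# Read one line from $1, giving up after $2 seconds; accept digits only.
read_code() {
    line=$(timeout "$2" head -n 1 "$1" 2>/dev/null | tr -d '\r\n')
    case "$line" in
        ''|*[!0-9]*) return 1 ;;    # timeout, empty line or stray bytes
    esac
    printf '%s' "$line"
}

# Succeed only if the code read from $1 matches the record in $2.
check_code() {
    [ -r "$2" ] || return 1
    IFS=: read -r salt want < "$2" || [ -n "$want" ] || return 1
    [ -n "$salt" ] && [ -n "$want" ] || return 1
    code=$(read_code "$1" 10) || return 1
    [ "$(hash_code "$salt" "$code")" = "$want" ]
}

# pam_exec exports PAM_TYPE; any PAM call ends here with an explicit status,
# so every error path is a non-zero exit (authentication failure).
if [ -n "${PAM_TYPE:-}" ]; then
    stty -F "$SERIAL_DEV" 9600 raw -echo 2>/dev/null || exit 1
    [ "$PAM_TYPE" = auth ] && check_code "$SERIAL_DEV" "$HASH_FILE"
    exit $?
fi
```

The hash file record can be produced with the same hash_code function, so the dialed number itself is never stored on disk.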
Step 3: Disclaimer
This instructable was intended as a simple proof of concept rather than a secure alternate login mechanism.