Releases: ralt/hermes
Release 1.6
Release 1.5
* Adds overrideable variables

Although hermes is opinionated, it might be run on unconventional systems. (For example, read-only filesystems.) To help on these systems, a few variables are overrideable through environment variables:

- USER_TOKENS_PATH: defaults to /etc/hermes/ (the trailing slash is important)
- STORAGE_DEVICE_PREFIX: defaults to "sd"
- DEVICES_FOLDER: defaults to "/dev/" (the trailing slash is important)
Release 1.4
* Tries several times over 5 seconds to find a hermes device

When a usb stick is plugged in, the OS can take several seconds to mount the device in /dev/. If PAM is called too quickly, this results in a failure even if the key was inserted, which is definitely not the correct behavior.

Hermes now tries to find a hermes device 6 times every second (so, during 5 seconds). This value may have to be tweaked down, up or configurable depending on feedback. "Configurable" is really the last option I want though.
Release 1.3
3 new features:

1. Adds safe one-time tokens
2. Adds syslog facilities
3. Adds the user to hermes group on hermes write

1. Safe one-time tokens

Safe one-time tokens means that now, hermes is reasonably certain that the token can be regenerated every time, and if writes fail, they can be recovered. This means your usb key will *always* be valid.

This means there are 3 cases where login can fail:

- You have either the wrong usb key or the wrong computer
- Someone changed your /etc/hermes/<user> file
- Someone copied your usb token and used it to login on your computer

2. Syslog

Hermes will now write to /var/log/auth.log to have an easier way to follow what it is doing.

3. hermes write

Adding the user manually is not necessary, so this is just a convenience for the users.
Release 1.2
* Adds one-time tokens
* Moves the service to a Common Lisp-based daemon

The move of the service is simply because having it in C doesn't make much sense. Having the long-running process in a memory managed language is much better.

One-time tokens simply means that every time there is a successful login, new tokens are regenerated and put on both the device and the user's file. This gives more protections against the following attacks:

- If a user copies your key, his copy won't work after the next time you login.
- If a user logs in with a copied token, your usb key won't let you login, which lets you know that your token was compromised.

However, there is a slight risk right now: it's not possible to write both in the usb key and in /etc/hermes/$USER and be completely sure that both are written correctly, since there is no transaction mechanism. This is the matter that release 1.3 is going to tackle.
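
The rotation described in the 1.2 notes, modelled in memory as an added example (this is not hermes's own code): it shows why a copied key stops working after the owner's next login, and why the owner's key failing signals that a copy was used. The class names, the `alice` user and the 32-byte token size are assumptions; the page does not state hermes's token format.

```python
import hmac
import secrets

TOKEN_BYTES = 32  # assumed size; not taken from hermes


class UsbKey:
    """Stands in for the token stored on the usb device."""

    def __init__(self, token=b""):
        self.token = token

    def clone(self):
        # Models a byte-for-byte copy of the key made by someone else.
        return UsbKey(self.token)


class Host:
    """Stands in for the per-user token files under /etc/hermes/."""

    def __init__(self):
        self.user_tokens = {}

    def rotate(self, user, key):
        fresh = secrets.token_bytes(TOKEN_BYTES)
        # Two separate writes with no transaction between them:
        # the gap the 1.2 notes leave for release 1.3.
        key.token = fresh
        self.user_tokens[user] = fresh

    def login(self, user, key):
        expected = self.user_tokens.get(user)
        # Constant-time comparison of the presented and stored tokens.
        if expected is None or not hmac.compare_digest(expected, key.token):
            return False
        self.rotate(user, key)  # every successful login issues a new token
        return True


def run_scenario(copy_logs_in_first):
    """Return (first_login_ok, second_login_ok) for owner key vs. copied key."""
    host, key = Host(), UsbKey()
    host.rotate("alice", key)  # enrolment: initial token on both sides
    copy = key.clone()
    first, second = (copy, key) if copy_logs_in_first else (key, copy)
    return host.login("alice", first), host.login("alice", second)
```
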
1.1
Initial release
1.0 Make dpkg-buildpackage work.