# Login Process



## fullauto2012 (Jan 24, 2018)

I want to wrote a 2 factor authentication script that runs after PAM authentication that texts my phone a random 6 digit number and waits for 60 seconds for me to type in the result... I have it all basically writen in my head, but I cannot for the life of me find any literature as to where to 'inject' the script.

As always, any help will be appreciated...


----------



## scotia (Jan 24, 2018)

In your login script? ~/.cshrc or ~/.bashrc etc...

PAM does already have a 2FA plugin (that I use): *oath-toolkit* Library, tools, and PAM module for OATH authentication.
You just need an authenticator on your phone (Google, Authy, etc.)


----------



## fullauto2012 (Jan 24, 2018)

I appreciate that. But, the whole point of the exercises was 2 fold.  First, I wanted to get familiar enough with the login process that I CAN do it myself. Second, I don't want anything through google... 
I'll look into ~.cshrc, but I was hoping for a more system wide solution. Then again, that might work well with a script I wrote that synchronizes user directories with /etc/skel.


----------



## scotia (Jan 24, 2018)

Just to be clear OATH has nothing to do with google.  It implements RFCs 4226 6238 among others.  It's just that Google has written a free mobile app that implements TOPT.  Personally I use Authy.  I also tie it in with ap24-mod_authn_otp on my reverse proxy.

Good luck with your project!

Scott


----------

