update readme
Greg Wiley authored on 28/04/2017 00:18:56
Showing 1 changed files
@@ -7,9 +7,30 @@ At **CJ Engineering**, we will be implementing Dual Control on our production bo |
7 | 7 |
|
8 | 8 |
Dual Control is an open source project licensed under the [GNU General Public License](https://github.com/cjdev/dual-control/blob/master/COPYING). As it stands, Dual Control is written only for machines running Linux. However, we graciously welcome contributions, particularly those related to portability to other operating systems. |
9 | 9 |
|
10 |
-## For ZFR |
|
11 |
-* setup a native project |
|
12 |
- * for Linux (docker, virtualbox) |
|
13 |
-* installer |
|
14 |
-* CI + CD |
|
15 |
-* Logging |
|
10 |
+## Status |
|
11 |
+This is in active development. The current version uses a permanent token. The final version will |
|
12 |
+use a time-based OTP. |
|
13 |
+ |
|
14 |
+## Install |
|
15 |
+- Obtain and install the RPM |
|
16 |
+ - build yourself using the code in /cjdev/dual-control-rpm |
|
17 |
+ - get it from a developer |
|
18 |
+- Edit the `/etc/pam.d/sudo` (CentOS 7) |
|
19 |
+ - replace the existing auth lines with |
|
20 |
+``` |
|
21 |
+auth required pam_env.so |
|
22 |
+auth sufficient pam_unix.so nullok try_first_pass |
|
23 |
+auth requisite pam_succeed_if.so uid >= 1000 quiet_success |
|
24 |
+auth required pam_deny.so |
|
25 |
+``` |
|
26 |
+ |
|
27 |
+## Add a dual control token |
|
28 |
+- in the authorizer's account home, put the token characters in `.dual_control` |
|
29 |
+ |
|
30 |
+## Use |
|
31 |
+- log in with a test user that has `sudo` ability (not the vagrant account it is too |
|
32 |
+powerful) |
|
33 |
+- type `sudo bash` |
|
34 |
+- enter your password |
|
35 |
+- enter dual control token, authorizer's username + ':' + authorizer's token |
|
36 |
+ |
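Review bot: the replacement auth stack in the Install section (new lines 21-24) has no line that loads the dual control PAM module, so as written these steps leave `sudo` authenticating on the password alone. The four lines are `pam_env.so`, `pam_unix.so`, `pam_succeed_if.so` and `pam_deny.so`, and because `pam_unix.so` is marked `sufficient`, a correct password ends the stack with success before any later line would be consulted. Add the line for the module the RPM installs, and give the password check a control that does not short-circuit (for example `requisite`) so that the token prompt described under Use is actually reached; consider dropping `nullok` as well, since it accepts accounts with an empty password. The "Add a dual control token" step should also state the expected owner and mode of `.dual_control` (readable only by the authorizer, for example `0600`), given that the Status section says the current token is permanent.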