[Swan] Authentication with pam_url and nonces

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Sun Feb 6 20:21:28 EET 2022

Hi all,

The passwordless authentication over pam_url used with IKEv2 with the 
certificates was considered
a source of brute force attacks and a dangerous module to implement for 
it could allow everyone to
access the system if accidentally left as the only and sufficient module 
in PAM stack.

Mainly, the PHP script controlled access over IP address and that was 
the possible door for fake IP
impersonations despite using libcurl.4.0 and TLSv1.3.

I have considered implementing authentication over PSK authenticating 
module and PHP script over
a variant of HMAC-SHA256. Although the secret was never transferred in 
cleartext and not even over
TLSv1.3, I used to have a naive nonce generation with PRF seeded from 
nanoseconds of the Linux
monotonous clock which doesn't have the nanosecond resolution in the 
first place.

Now I don't seed the PRNG every time except on first call to the nonce 
generator, so I am guaranteed
to get different nonce every time even if called several time within the 
same nanosecond.

So, the main question appears to be if there is a smarter way of 
preventing brute force replay attacks
than having a database of already used nonces. Especially when 
considering possible DoS attack scenarios.

The code is published here for your convenience: 

The experimental PHP script for authorization is in the folder 

The PAM module should build out-of-the-box and if it doesn't, please 
submit bug reports.

Thank you very much.

Kind regards,
Mirsad Todorovac

Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355

More information about the Swan mailing list