In a few words:

The module allows for a:

  • Secure
  • Single-use password
  • Offline

Login, to any device capable of running:

  • PAM
  • PGP

No connectivity, secret key or clock synchronization needed.
For more details, see the readme of the repository at:
https://github.com/unaPoloGTIc/trex-pam
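
The properties listed above (no connectivity, no device-side secret, no clock, one use per password) can be reproduced with plain GnuPG, as in this added sketch, which is not code from trex-pam. It assumes the challenge is a random nonce encrypted to the user's public key, GnuPG 2.1 or later, and sha256sum; the identity, paths and function names are constructed.

```shell
#!/bin/sh
# Added illustration, not trex-pam code. Identity, paths and function names are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
USER_HOME="$WORK/user"; DEVICE_HOME="$WORK/device"
mkdir -m 700 "$USER_HOME" "$DEVICE_HOME"
DEMO_UID="demo-user@example.invalid"

# Enrolment (once): the user makes a key pair; the device imports the public half only.
setup_keys() {
  gpg --homedir "$USER_HOME" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-generate-key "$DEMO_UID" default default never
  gpg --homedir "$USER_HOME" --batch --export "$DEMO_UID" |
    gpg --homedir "$DEVICE_HOME" --batch --quiet --import
}

# Device: draw a fresh nonce, keep only its SHA-256, print it encrypted to the user.
issue_challenge() {
  nonce=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
  printf '%s' "$nonce" | sha256sum | cut -d' ' -f1 > "$DEVICE_HOME/pending"
  printf '%s' "$nonce" | gpg --homedir "$DEVICE_HOME" --batch --quiet --armor \
      --trust-model always --encrypt --recipient "$DEMO_UID"
}

# User (any offline machine holding the private key): decrypt stdin to recover the nonce.
answer_challenge() {
  gpg --homedir "$USER_HOME" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --decrypt
}

# Device: delete the pending challenge before comparing, so each one is checked at most once.
verify_response() {
  [ -f "$DEVICE_HOME/pending" ] || return 1
  expected=$(cat "$DEVICE_HOME/pending"); rm -f "$DEVICE_HOME/pending"
  [ "$(printf '%s' "$1" | sha256sum | cut -d' ' -f1)" = "$expected" ]
}

# One login, then a replay of the same response, which must be refused.
demo() {
  setup_keys
  response=$(issue_challenge | answer_challenge)
  verify_response "$response" && ! verify_response "$response"
}
demo && echo "login accepted once; replay refused"
```

The device keyring never contains a private key, and nothing in the exchange depends on the time, which is why neither a shared secret nor clock synchronization is required.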

Running the demo:

Setup

  • Get the image:
    docker pull trexsec/pam-demo:latest
    
  • Run the container:
    docker run -td --rm --network host --name trex-demo trexsec/pam-demo:latest
    
  • SSH into the demo (replace device-address with the actual address, usually localhost):
    ssh -o StrictHostKeyChecking=no docker@device-address -p2222
    
  • Follow the instructions printed.
  • The password for users docker and root is 1234
  • User docker has the module enabled, user root does not.

Once convinced that:

  • The container does not access the Internet
  • The container does not need to sync the time
  • The container does not hold any secret key of value (only an optional temporary HTTPS key)
  • To log in, a PGP message must be decrypted
  • The message is only used once
  • The message can also be obtained as a QR code

Proceed to the demo of the proprietary product:

Submit the form:

Demo OTP



A full demo includes:

  • Full on-premise control of the keys used.
  • Control and configure users and permissions.
  • See logs with login attempts and history.
  • See other front-ends in action.