Providing temporary password access over http
I’m not exactly proud about this one in many regards (security, for instance) by was actually something needed by a relative that, from time to time, go to some random shop to print PDFs. Having to put them on a device like a USB Key or hard disk is some kind of a nuisance, especially when your own workstation is behind a static IP.
The way it works is that it asks you for a password. If you have none, then it’ll send you a random one by mail. This password will be erased after an hour.
Security notes: this could be subject to packet sniffing so I don’t suggest to use it as it is for any sensitive data. It can easily be improved in regards of security depending on the end user you’re targetting, in my case it had to remain as basic as possible. It logs everything so fail2ban and other tools can easily be set in motion.
It’s composed a perl script, a cronjob and a nginx example config file. The perl script will ask the user for a valid user name and set up the temporary access accordingly. The cronjob will be used to reset passwords. The sample nginx shows how to run the perl script as appropriate error page and provided access either by basic auth or IP.
Install guide from the README :
1) It assumes your nginx supports perl like in
apt-get install nginx libfcgi-perl wget wget http://nginxlibrary.com/downloads/perl-fcgi/fastcgi-wrapper -O /usr/bin/fastcgi-wrapper.pl wget http://nginxlibrary.com/downloads/perl-fcgi/perl-fcgi -O /etc/init.d/perl-fcgi chmod +x /usr/bin/fastcgi-wrapper.pl chmod +x /etc/init.d/perl-fcgi update-rc.d perl-fcgi defaults insserv perl-fcgi
2) Copy and edit the nginx sample and crontab sample into the appropriate places:
- something like /etc/nginx/site-available/transit symlinked to /etc/nginx/site-enabled
3) Then you must create a group named transit and add to it users that
are entitled to use this.
4) You must also make sure nginx (www-data?) can write to the directory where
you store the .passwd file. In the default case here, it’s /etc/nginx/passwd/