Projects / LinOTP


LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Yubikey, Google Authenticator, motp, SMS OTP/Mobile TAN, email token, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. OCRA tokens are supported to allow transaction signing in banking environments. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.

Operating Systems

Last announcement

Youtube channel available 28 Nov 2013 09:11

We added a youtube channel, where we plan to release some explaining videos.

Recent releases

  •  28 Mar 2014 17:17

    Release Notes: This release adds the client to the audit information and the possibility to change the phone number for SMS tokens. It also allows Yubikeys to be autoassigned. In addition, many small bugfixes and improvements were implemented.

    •  20 Feb 2014 14:21

      Release Notes: This release fixes a problem with LDAPS connections, catches token exceptions to prevent errors when processing several tokens, and fixes an error which prevented LDAP Resolver from unbinding.

      •  14 Feb 2014 10:35

        Release Notes: Missing resolvers caused the community edition to raise an exception. This has been fixed.

        •  13 Feb 2014 10:59

          Release Notes: This patch release adds the radius client testing tool "linotp-auth-radius" (which supports challenge response), fixes the otppin=2 (no pin) problems with email and totptoken, fixes the "Logout" button, binds the resolvers object to the request for performance, improves sqlresolver checkpass to also support {sha} and {ssha} passwords, adds automation, and sends the token list via email or uploads to Windows shares.

          •  27 Dec 2013 12:27

            Release Notes: A new challenge response mode for all tokens. A new email token type. CSV export for tokens and audit. Improved support for all Yubikey modes. Better policies.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.