LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Google Authenticator, motp, SMS OTP/Mobile TAN, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.
|Tags||Security Authentication PAM RADIUS OTP token HTOP TOTP OATH certificied Google Authenticator Yubikey 2FA OATH import OCRA QR-TAN motp|
|Operating Systems||Unix Linux POSIX Windows|
LinOTP is available in an Ubuntu repository at
The packages were built for 12.04.
Release Notes: QR-Code enrolment was added to the management Web UI and self-service portal. A QR-Code image was added to replies. It is now possible to send a HTTP 500 error response instead of status:false. Man pages were added for command line tools. Broken TOTP resync was fixed. Performance with dynamic token classes was improved. The contents of the lost password token was defined. Also added were HTML documentation for the LinOTP Web UI, import of OCRA seeds via CSV, support for the AD uidType DN, objectGUID, and sAMAccountName, counting of only active tokens for the licensing, and improved SQL- and LDAPResolver.
Release Notes: This release adds completely new OCRA functionality, letting you perform banking transactions and sign other data. New Security Modules enable you to use the encryption keys in different, flexible ways (e.g., you can use external Hardware Security Modules like the SafeNet LunaSA). DB2 is now supported. Rollout of time-based Google Authenticators to Selfservice has been added. LDAPResolver has been improved: User Objects may be identified by entryUUID or ObjectGUID. This release adds policy passthru for authenticating users without tokens, policy to use Client-IP for restricted access to selfservice functionalities, and a TOTP bugfix.
Release Notes: This Enterprise Edition adds SMTP SMS gateway support, authorization based on the authenticating client, functionality to retrieve OTP values to print One Time Password lists (paper passwords), improved dynamic token class loading, a test button for SQL Resolver, SMS OTP tests which can be sent with customized text, automatic SHA type detection when importing eToken Pass, Unicode support for SQL and LDAP Resolver, improved search capabilities in WebUI, the ability to turn off session protection to ease the use of the API, and improved Oracle support.
Release Notes: A new version of the community edition has been released to the Python Package Index. This release adds authorization based on the client's IP address, adds functionality to retrieve OTPs to print One Time Password lists, improves dynamic token class loading, imports eToken Pass: automatic SHA type detection, improves search capabilities in tokenview and userview, and adds the ability to turn off session protection.
Release Notes: This release adds pam_linotp.py, a Python PAM module. It improves the support for IE and Google Chrome (wait overlay), fixes totp resync, adds mass enrollment for eTokenNG OTP, adds a function to check for existing serial numbers, adds policies for hmac_Hashlib and totp_timestep, adds the ablity to enroll HOTP and TOTP from selfservice, adds import for simple OATH CSV files, improves the handling of the return values of SMS gateways, improves the robustness of managing resolvers and realms, adds an SQL janitor to remove old audit logs, improves performance, and has several minor fixes.