LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Yubikey, Google Authenticator, motp, SMS OTP/Mobile TAN, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.
|Tags||Security Authentication PAM RADIUS OTP token HTOP TOTP OATH certificied Google Authenticator Yubikey 2FA OATH import OCRA QR-TAN motp|
|Operating Systems||Unix Linux POSIX Windows|
We added a youtube channel, where we plan to release some explaining videos.
Release Notes: This release lets LDAPResolver hold its own CA certificate for connecting via LDAPS, can import and export policies with the GTK client, and adds documentation for integration with Univention Corporate Server (UCS).
Release Notes: This release added dynamic token modules, which makes it much easier to write new tokens and load tokens dynamically, policy import and export, improved policies that can exclude clients, the ability to display action history in selfservice, a new Yubikey token for authenticating with the Yubico online cloud service, and a script to update a pip installation. Users and resolvers were added to policies in selfservice, authentication, enrolment, and authorization. A policy checker was added to the Web UI. A token can be assigned by OTP value in selfservice.
Release Notes: QR-Code enrolment was added to the management Web UI and self-service portal. A QR-Code image was added to replies. It is now possible to send a HTTP 500 error response instead of status:false. Man pages were added for command line tools. Broken TOTP resync was fixed. Performance with dynamic token classes was improved. The contents of the lost password token was defined. Also added were HTML documentation for the LinOTP Web UI, import of OCRA seeds via CSV, support for the AD uidType DN, objectGUID, and sAMAccountName, counting of only active tokens for the licensing, and improved SQL- and LDAPResolver.
Release Notes: This release adds completely new OCRA functionality, letting you perform banking transactions and sign other data. New Security Modules enable you to use the encryption keys in different, flexible ways (e.g., you can use external Hardware Security Modules like the SafeNet LunaSA). DB2 is now supported. Rollout of time-based Google Authenticators to Selfservice has been added. LDAPResolver has been improved: User Objects may be identified by entryUUID or ObjectGUID. This release adds policy passthru for authenticating users without tokens, policy to use Client-IP for restricted access to selfservice functionalities, and a TOTP bugfix.
Release Notes: This Enterprise Edition adds SMTP SMS gateway support, authorization based on the authenticating client, functionality to retrieve OTP values to print One Time Password lists (paper passwords), improved dynamic token class loading, a test button for SQL Resolver, SMS OTP tests which can be sent with customized text, automatic SHA type detection when importing eToken Pass, Unicode support for SQL and LDAP Resolver, improved search capabilities in WebUI, the ability to turn off session protection to ease the use of the API, and improved Oracle support.