Multi-OTP is a PHP class that can be used to authenticate and manage OTP user tokens for strong two-factor authentication. It can create, update, and delete tokens to authenticate users with one time passwords (OTP). The users' data are stored in files. The class can also check the user token using several algorithms: Mobile OTP (MOTP), OATH/HOTP (RFC 4226), and OATH/TOTP HOTP Time Based (RFC 4226 extension). It works with compatible software tokens (iPhone, Android, PalmOS, Nokia, and other Java J2ME capable phones) and hardware tokens (such as Feitian, ZyXEL, Authenex, or Seamoon). The multiotp command line utility is also provided, both in "compiled" form (for Windows) and in source code (for Linux or educational purpose). The multiotp command line can be combined with FreeRADIUS (under Linux) or the free TekRADIUS LT (under Windows) in order to have a powerful radius strong authentication server.
|Tags||Security OTP Authentication php class two-factor authentication Internet|
|Operating Systems||OS Independent|
Release Notes: Now it is possible to import PSKC Algorithm Profiles containing tokens definition for TOTP and HOTP algorithm. Thus, creating a user and attributing a token is easier. The multiotp-database-format flat file has been enhanced to version 3. Regular attributes are written attribute=value, and encrypted attributes are now written encrypted_attribute:=encrypted_value. In debug mode, the command line version now returns text information after the exit code.
Release Notes: An enhancement was made in order to use an alternate PHP "compiler" for the Windows command line. The documentation was enhanced. A minor notice fix was made. The timezone is defined if it is not already defined (for embedded command line). If a user doesn't exist, the related flat file is not created after a check.
Release Notes: The "users" and "log" folders are now created if needed. A problem where "foreach" was not working well in the "compiled" Windows command line was fixed. There was also a new design using a class, mOTP support, cleaned up code, and OATH/TOTP support.