LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Yubikey, Google Authenticator, motp, SMS OTP/Mobile TAN, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.
The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, commandline tools, and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization which specifies the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported.
OpenOTP is an implementation of the HOTP protocol using a ZeitControl Cardsystems ZC3.9 BasicCard and standalone balance reader, standalone Spyrus PAR2 (Personal Access Reader), or PCSC-Lite supported smart card reader. Included is a C library implementation of the HOTP protocol and associated user database management, HOTP PAM library, OpenVPN plug-in module, micro RADIUS server with HOTP support, and utilities for managing the smart card, Spyrus reader, and host side HOTP user database. The PCSC-Lite API provides reader support for smart card management.
The HOTP Toolkit package contains tools that are useful when deploying the one-time password HOTP technology. It contains a shared library, a command-line tool to generate and validate one-time passwords, and a PAM module (pam_hotp) to make system login or SSH use HOTP one-time passwords for authentication.