Hi! This release fixes the long-standing issue of suppluing secrets on the command line. Thanks to everyone who worked on discussions and patches related to this.
** oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as '-' to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak. Based on a patch from Ian Jackson <[email protected]>. Fixes #6. ** pam_oath: Fix unlikely logic fail on out of memory conditions. Patch from Matthias Gerstner. ** Doc fixes. Happy hacking, Simon The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization that specify the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported. The components included in the package is: * liboath: A shared and static C library for OATH handling. * oathtool: A command line tool for generating and validating OTPs. * pam_oath: A PAM module for pluggable login authentication for OATH. * libpskc: A shared and static C library for PSKC handling. * pskctool: A command line tool for manipulating PSKC data. The project's web page is available at: https://www.nongnu.org/oath-toolkit/ Documentation for the command line tools oathtool and pskctool: https://www.nongnu.org/oath-toolkit/oathtool.1.html https://www.nongnu.org/oath-toolkit/pskctool.1.html https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-pskctool.html Manual for PAM module: https://www.nongnu.org/oath-toolkit/pam_oath.html Liboath Manual: https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.html Libpskc Manual https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html If you need help to use the OATH Toolkit, or want to help others, you are invited to join our oath-toolkit-help mailing list, see: https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help Here are the compressed sources of the entire package: https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.5.tar.gz https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.5.tar.gz.sig The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub ed25519 2019-03-20 [SC] B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE uid [ultimate] Simon Josefsson <[email protected]> The key is available from: https://josefsson.org/key-20190320.txt I have changed key since older releases, see my transition statement: https://blog.josefsson.org/2019/03/21/openpgp-2019-key-transition-statement/ https://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/ Here are the SHA-1 and SHA-224 checksums: 31eff0b9bcc4dd5f397b9abc0cf2ccdb99615c9e oath-toolkit-2.6.5.tar.gz 5dd716a98749ba22bfe5fa8597f8b6ee7a01dda744ec3ee462ffd3e2 oath-toolkit-2.6.5.tar.gz General information on contributing: https://www.nongnu.org/oath-toolkit/contrib.html OATH Toolkit GitLab project page: https://gitlab.com/oath-toolkit/oath-toolkit OATH Toolkit Savannah project page: https://savannah.nongnu.org/projects/oath-toolkit/ Code coverage charts: https://oath-toolkit.gitlab.io/oath-toolkit/coverage/ Clang code analysis: https://oath-toolkit.gitlab.io/oath-toolkit/clang-analyzer/
signature.asc
Description: PGP signature
