Hi everyone! "The file format is documented here: http://code.google.com/p/mod-authn-otp/wiki/UsersFile"; - the file format for /etc/users.oath is described, I read about pin there (When a user has a PIN, it must precede the one-time password in the HTTP password field. For example, if a user has PIN "1234" and the token generates the one-time password of "567890", then the user must enter "1234567890" as their password for HTTP authentication.), but it turns out there is no support for it in this module, it is in mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. Is it possible to add additional pin codes? I think it will add more security: 1-otp codes even if stolen, pin code necessary to be stolen 2-pin codes can be long enough and can have 4 kinds of complexity and stored not as plain text (like httpasswd format as in apache otp module)
Pin codes additional to otp codes for more security
kuznetcoff777--- via OATH Toolkit general discussions Fri, 12 Dec 2025 06:05:18 -0800
- Pin codes additional... kuznetcoff777--- via OATH Toolkit general discussions
- Re: Pin codes a... Simon Josefsson via OATH Toolkit general discussions
- Re[2]: Pin ... kuznetcoff777--- via OATH Toolkit general discussions
