kuznetcoff777--- via OATH Toolkit general discussions <[email protected]> writes:
> Hi everyone!
> "The file format is documented here:
> http://code.google.com/p/mod-authn-otp/wiki/UsersFile" - the file
> format for /etc/users.oath is described, I read about pin there (When
> a user has a PIN, it must precede the one-time password in the HTTP
> password field. For example, if a user has PIN "1234" and the token
> generates the one-time password of "567890", then the user must enter
> "1234567890" as their password for HTTP authentication.), but it turns
> out there is no support for it in this module, it is in mod_authn_otp
> is an Apache web server module for two-factor authentication using
> one-time passwords (OTP) generated via the HOTP/OATH algorithm defined
> in RFC 4226.

Hi! As far as I can tell, 'mod_authn_otp' doesn't use OATH Toolkit at all. So it probably doesn't help if liboath supports this or not.

> Is it possible to add additional pin codes? I think it will add more security:
> 1-otp codes even if stolen, pin code necessary to be stolen
> 2-pin codes can be long enough and can have 4 kinds of complexity and
> stored not as plain text (like httpasswd format as in apache otp
> module)

This is a nice idea, but I don't recall anything supporting this directly.

/Simon
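
The PIN-prefix scheme quoted in this message (PIN first, then the one-time password, in one password field), as an added example that is not code from mod_authn_otp or OATH Toolkit. The names `verify`, `hash_pin`, `USER`, the record layout, the PBKDF2 parameters and the look-ahead window of 3 are assumptions made for illustration; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 stands in for whatever hashed format a users file would hold.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample record: PIN "1234" stored only as a salted hash.
_SALT = b"constructed-salt"
USER = {"secret": b"12345678901234567890", "counter": 0, "digits": 6,
        "salt": _SALT, "pin_hash": hash_pin("1234", _SALT)}

def verify(password: str, user: dict, window: int = 3):
    """Return the next counter to store on success, or None on failure."""
    digits = user["digits"]
    if len(password) <= digits:          # no room for a PIN in front of the OTP
        return None
    pin, otp = password[:-digits], password[-digits:].encode()
    # Evaluate both factors before deciding, so a failure does not
    # reveal which of the two was wrong.
    pin_ok = hmac.compare_digest(hash_pin(pin, user["salt"]), user["pin_hash"])
    matched = None
    for c in range(user["counter"], user["counter"] + window + 1):
        candidate = hotp(user["secret"], c, digits).encode()
        if hmac.compare_digest(candidate, otp) and matched is None:
            matched = c
    if pin_ok and matched is not None:
        return matched + 1               # counter moves past the used code
    return None

if __name__ == "__main__":
    print(verify("1234755224", USER))    # PIN + HOTP for counter 0
    print(verify("0000755224", USER))    # valid OTP, wrong PIN
```

Storing the returned counter is what rejects a replayed code: once the record's counter has advanced, the same password no longer falls inside the window.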
