Skip to content

archiecobbs/mod-authn-otp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits

CHANGES

CHANGES

 
 

INSTALL

INSTALL

 
 

LICENSE

LICENSE

 
 

Makefile.am

Makefile.am

 
 

README

README

 
 

README.md

README.md

 
 

Release.txt

Release.txt

 
 

autogen.sh

autogen.sh

 
 

base32.c

base32.c

 
 

base32.h

base32.h

 
 

configure.ac

configure.ac

 
 

errinc.h

errinc.h

 
 

genotpurl.1

genotpurl.1

 
 

genotpurl.c

genotpurl.c

 
 

hotp.c

hotp.c

 
 

mod_authn_otp.c

mod_authn_otp.c

 
 

motp.c

motp.c

 
 

otplock.1

otplock.1

 
 

otplock.c

otplock.c

 
 

otplock.h

otplock.h

 
 

otptool.1

otptool.1

 
 

otptool.c

otptool.c

 
 

otptool.h

otptool.h

 
 

phex.c

phex.c

 
 

users.sample

users.sample

 
 

Repository files navigation

Overview

mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. This creates a simple way to protect a web site with one-time passwords, using any RFC 4226-compliant token device, including software tokens that run on cell phones such as Google Authenticator. mod_authn_otp also supports the obsolete Mobile-OTP algorithm.

mod_authn_otp supports both event and time based one-time passwords. It also supports "lingering" which allows the repeated re-use of a previously used one-time password up to a configurable maximum linger time. This allows one-time passwords to be used directly in HTTP authentication without forcing the user to enter a new one-time password for every page load. No additional infrastructure other than the mod_authn_otp module is required to add one-time password support to any Apache web server.

mod_authn_otp supports both basic and digest authentication, and will auto-synchronize with the user's token within a configurable maximum offset (auto-synchronization is not supported with digest authentication).

mod_authn_otp is especially useful for setting up protected web sites that require more security than simple username/password authentication yet also don't require users to install special VPN software.

Also included are otptool, a one-time password command line utility, and genotpurl. otptool can be used on a simple call-out basis to integrate two-factor authentication into any existing authentication solution. genotpurl generates oathtoken:// URLs suitable for Google Authenticator token distribution.

Details

See the wiki for a detailed description including supported Apache configuration directives.

  • Configuration: How to configure the Apache 2.x server
  • OneTimePasswords: How one-time passwords work and how they integrate with HTTP authentication
  • Tokens: Getting tokens for use with mod_authn_otp
  • UsersFile: The users database
  • DigestAuthentication: Limitations of mod_authn_otp when used with HTTP digest authentication
  • SecurityConsiderations: Security considerations when using one-time passwords for HTTP authentication
  • OTPTool: Man page for the otptool command line utility
  • GenOTPURL: Man page for the genotpurl command line utility

About

Apache module for one-time password authentication

Resources

Readme

License

Apache-2.0 license
Activity

Stars

62 stars

Watchers

10 watching

Forks

17 forks
Report repository

Releases

11 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages