Skip to content
This repository

Apache module for OTP authentication with LinOTP

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 AUTHORS
Octocat-spinner-32 COPYING
Octocat-spinner-32 ChangeLog
Octocat-spinner-32 INSTALL
Octocat-spinner-32 LICENSE
Octocat-spinner-32 Makefile.am
Octocat-spinner-32 NEWS
Octocat-spinner-32 README
Octocat-spinner-32 authn_linotp.load
Octocat-spinner-32 configure.ac
Octocat-spinner-32 mod_authn_linotp.c
README
mod_authn_linotp - Apache module for authenticating with LinOTP
===============================================================

This apache module can be used to authenticate users against
LinOTP (http://linotp.org)

This auth module only works with basic authentication.
It uses a cookie to cache the authenticated user.
The authentication of the first request is done against the LinOTP server.
The consecutive requests are handled by the cookie.

Configuration parameters:
-------------------------

The module can only be configured in a directory context.



	LinOTPValidateURL
		mandatory
		Context:	Dir
		Format: 	https://server/validate/simplecheck
		Default:	-

	LinOTPRealm
		optional
		Context:	Dir
		The realm name, the user will be authenticated in.
		Format:		<string>
		Default:	-

	LinOTPResolver
		optional
		Context:	Dir
		The useridresolver, the user will be authenticated in.
		Format:		<string>
		 Default:	-

	LinOTPCookieSecret
		mandatory
		Context:	Dir
		A secret that is used to encrypt the cookie.
		Format:		<string>
		Default:	-

	LinOTPCookieName
		optional
		Context:	Dir
		The name of the cookie	
		Format:		<string>
		Default:	linotp_auth_module

	LinOTPSSLCertVerify
		optional
		Context:	Dir
		Whether the certificate of the LinOTP server should be verified
		Format:		On or Off
		Default:	Off

	LinOTPSSLHostVerify
		optional
		Context:	Dir
		Whether the hostname in the certificate of the LinOTP server should be verified
		Format:		On or Off
		Default:	Off

	LinOTPLogUser
		optional
		Context:	Dir
		Whether the username should appear in the log file
		Format:		On or Off
		Default:	On

	LinOTPLogPassword
		optional
		Context:	Dir
		Whether the password should appear in the log file
		Format:		On or Off
		Default:	Off
		
	LinOTPTimeout
		optional
		Context:	Dir
		maximum time (in seconds) for which a one-time password is valid
		Format:		a number
		Default:	600

Example:
========

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                AuthType basic
                AuthName "LinOTP protected"
                AuthBasicProvider LinOTP
                Require valid-user
                LinOTPSSLCertVerify Off
                LinOTPSSLHostVerify Off
                LinOTPLogUser On
                LinOTPLogPassword On
                LinOTPCookieName myCookieName
                LinOTPValidateUrl https://localhost/validate/simplecheck
                LinOTPCookieSecret 098as0d9uasldj0a7sda
                LinOTPRealm Realm1
        </Directory>
Something went wrong with that request. Please try again.