A centralized TOTP solution based on google-authenticator
Copyright: Konstantin Ryabitsev and contributors
The idea for totpcgi (pronounced "Toopy-CGI") came from lamenting that the google-authenticator implementation is "almost there" as a generic org-wide 2-factor solution, but is annoyingly written as a one-secret-per-service (or -per-host) solution. Thus totpcgi was born: it uses files generated by google-authenticator and serves them from a central installation.
It is intended to be used with pam_url.
Features:

- Fully interoperable with Google-Authenticator
- Uses Google-Authenticator-generated secret files
- Supports pincodes (i.e. users log in with 'usercode555555')
- Supports file-based state backend for non-redundant installations and PostgreSQL for load-balanced setups.
- Supports encrypting the Google-Authenticator master secret with the user's pincode.
- Supports web-based provisioning to generate Google-Authenticator compatible files (or database entries).

Requirements:

- google-authenticator to generate the .totp files by hand
- flup (for .fcgi only)
- psycopg2 (for PostgreSQL backend support)
- py-bcrypt (for pincode support using bcrypt)
- pycrypto and passlib (for encrypted-secret support)
- pam_url (for PAM support)
- python-qrcode (for provisioning support)
- MySQL-python (for MySQL backend support)
All of these dependencies are in EPEL for RHEL 6.
Please open an issue on GitHub: https://github.com/mricon/totp-cgi/issues
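
As an added illustration of the pincode login format listed in the features ('usercode555555'), and not code from totpcgi itself, the example below splits such a credential and checks the trailing six digits as a Google-Authenticator-compatible TOTP token (HMAC-SHA1, 30-second steps). `SAMPLE_SECRET`, `pin_ok` and the `used` set are assumptions made for the example; the set stands in for a state backend and is used here to refuse a token that was already accepted, as RFC 6238 requires.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 code with HMAC-SHA1, 30 s steps and 6 digits."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_credential(credential, digits=6):
    """'usercode555555' -> ('usercode', '555555'); the token is the tail."""
    pincode, token = credential[:-digits], credential[-digits:]
    if not pincode or len(token) != digits or not (token.isascii() and token.isdigit()):
        raise ValueError("expected pincode followed by %d digits" % digits)
    return pincode, token

def verify(credential, secret_b32, pin_ok, used, unix_time, window=1, step=30):
    """True only for a valid pincode plus an unused token within the window.

    pin_ok: hypothetical callable that checks the pincode.
    used:   set of accepted time counters, a stand-in for persistent state.
    """
    try:
        pincode, token = split_credential(credential)
    except ValueError:
        return False
    if not pin_ok(pincode):
        return False
    now = int(unix_time) // step
    for counter in range(max(0, now - window), now + window + 1):
        if hmac.compare_digest(totp(secret_b32, counter * step, step), token):
            if counter in used:
                return False  # token already accepted once: replay
            used.add(counter)
            return True
    return False
```

The example covers only the case where a pincode is set, and the `window` of one step on either side tolerates small clock drift between the token device and the server.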