OTP authentication for OpenBSD implementing RFC 6238 and RFC 4226.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
login_otp
otp
Makefile
Makefile.inc
README.md
base32.c
base32.h
common.h
login_otp.8
login_otp.c
login_passwd.c
main.c
otp.1
otp.c
otpdb.c
util.c

README.md

login_otp

OTP authentication type for OpenBSD to login with an authenticator app such as Google Authenticator. This tool implements RFC 6238 (TOTP) and RFC 4226 (HOTP).

Installation

This program only depends on libc, libutil, and libcrypto in OpenBSD's base system. No external library is needed.

$ make obj
$ make all
$ doas make install

This installs the following binaries:

  • /usr/bin/otp: to generate keys, control the oath database, etc.
  • /usr/libexec/auth/login_otp: the main login program for TOTP or HOTP.
  • /usr/libexec/auth/login_totp: hardlink that only accepts TOTP.
  • /usr/libexec/auth/login_hotp: hardlink that only accepts HOTP.
  • /usr/libexec/auth/login_otp_only: hardlink that only requires TOTP or HOTP without the user's system password.
  • /usr/libexec/auth/login_totp_only: hardlink that only requires TOTP without the user's system password.
  • /usr/libexec/auth/login_hotp_only: hardlink that only requires HOTP without the user's system password.

Usage

See the otp(1) and login_otp(8) manual pages for instructions.

TODO

  • Authentication chaining?
  • LDAP?