Metadata-Version: 1.0
Name: libpam-hotp
Version: 0.1
Summary: Pam module to authenticate users using HOTP token.
Home-page: http://libpam-hotp.idevelop.org
Author: Antoine Millet
Author-email: antoine@inaps.org
License: GPL
Description: LIBPAM HOTP
        ===========
        
        libpam-hotp is a PAM (Pluggable Authentication Modules) module written
        in Python to authenticate users using an OTP (One Time Password) generated
        with the HOTP algorithm.
        
        1. Installation
        ---------------
        
        libpam-hotp depend of libpam-python which is packaged into all major distro.
        The module have been tested with Python 2.6, maybe it also work with 2.5,
        and certainly with 2.7 version.
        
        After installing the dependencies, you can drop pam_hotp.py into
        /lib/security directory.
        
        Next step is to setup PAM, and create a file with all your token seeds.
        
        2. Configuration of PAM
        -----------------------
        
        libpam-hotp use libpam-python, the latter is actually the called module 
        for PAM, thereby, your rule line will look like this:
        
           auth    [POLICY]      pam_python.so pam_hotp.py [OPTIONS]
        
        Available options are:
        
         - file: path to file that store user login - secret seeds mapping 
           (default to /etc/hotp).
         
        Example:
        
           auth    sufficient    pam_python.so pam_hotp.py file=/etc/hotp_ssh
        
        NOTE: This module only provide the AUTH mecanism.
        
        3. Seeds file:
        --------------
        
        Seed file store the mapping between an user login and the secret seed code
        of user's token.
        
        Each line of this file is an association, each field is separated by an
        ":" char. The three first fields are mandatory:
        
         - User login
         - Secret seed code (encoded in hexadecimal form)
         - The number of seconds for a period (see your token datasheet)
        
        You can add two additionals fields:
        
         - The maximum allowed number of drift periods
         - An hash, used to prompt an additionnal password to the user.
        
        The hash is encoded with it salt with this format: SALT$HASH, 
        hash function is SHA1(CONCAT(PASSWORD, SALT)).
        
        Example:
        
        Here is a complete example for the user stallman, with a token-period
        of 30 seconds, a maximum drift of 3 periods, and an additionnal password
        "richard":
        
           stallman:11223344556677889900AABBCCDDEEFF:30:3:6jsd3$1b6a67161e1cca2b1cd014c59b5bc907435cf8e7
        
Keywords: pam hotp token otp
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Programming Language :: Python
Classifier: Environment :: Plugins
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
