Project

General

Profile

Activity

From 03 January 2015 to 01 February 2015

01 February 2015

21:38 OTPme 0.1-rc2 release candiate available for download
This version comes with a fix for the new feature "timeout pass on" introduced in the last -rc1 release (#35) and som... The 2nd
21:31 otpme-0.1-rc2.tgz
The 2nd
20:54 Fehler #36 (Erledigt): setting group max_fail should disable locking
The 2nd
20:43 Fehler #36 (Erledigt): setting group max_fail should disable locking
current behavior: when max_fail is set to 0 users are always locked for this group
desired behavior: when max_fail i...
The 2nd
20:40 Fehler #35 (Erledigt): session timeout pass on is not done recursive
The 2nd
20:22 Fehler #35: session timeout pass on is not done recursive
setting timeout to "0" should result in using default timeout values from main config The 2nd
20:20 Fehler #35 (Erledigt): session timeout pass on is not done recursive
session timeouts are only passed on to direct child sessions and not recursive. The 2nd
00:50 Feature #32 (Erledigt): add sample config for openldap
The 2nd

31 January 2015

22:15 Fehler #34 (Erledigt): setting user description does not work
The 2nd
22:14 Fehler #34 (Erledigt): setting user description does not work
otpme-user description admin "admin"
NameError: name 'get_val' is not defined
The 2nd

30 January 2015

20:04 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python
The 2nd

28 January 2015

20:45 Feature #33 (In Bearbeitung): implement module to be used with freeradius rlm_python
The 2nd
18:52 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python
The 2nd
19:01 Feature #9: add -f option to disable any user question for cli tools
The 2nd wrote:
> cli tools should have a force (-f) option to disable user confirmation (needed for scripts)
this...
The 2nd

25 January 2015

20:38 Feature #33: implement module to be used with freeradius rlm_python
this is now implemented for clear-text requests. ntlm/mschap request handling will follow until i got an answer from ... The 2nd
19:18 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python
using a python module should perform better than calling otpme as a script via "exec" modul.
there are examples av...
The 2nd
01:07 Feature #32 (Erledigt): add sample config for openldap
slapd can authenticate users via saslauthd.
* user password needs to be set to "{SASL}username" (e.g. {SASL}joe)
...
The 2nd
00:53 Feature #18: add user authorization script
need documentation The 2nd

24 January 2015

20:18 Feature #31 (Erledigt): child sessions should be identifiable via "otpme-session show"
* indent child session names
* mark parent session ids with a tailing asterisk
The 2nd
19:26 OTPme 0.1-rc1 release candiate available for download
This version comes with some bugfixes and a new feature called "timeout pass on". You can enable this feature per acc... The 2nd
19:15 otpme-0.1-rc1.tgz
first release candidate for version 0.1 The 2nd
19:02 Feature #5 (Erledigt): child sessions should not inherit timeout values
The 2nd
15:56 Feature #30 (Erledigt): add option to configure hash type for CTP and SLP generation
this should improve protection against dictionary attacks if someone was able to keylogg/sniff both, the OTP and the ... The 2nd
14:51 Feature #10 (Erledigt): implement otpme-token show
The 2nd
14:49 Feature #29 (Neu): add support for mod_auth_pubtkt

see https://neon1.net/mod_auth_pubtkt/ for infos
* generate login page with python?
** add support for CTP and ...
The 2nd
14:46 Feature #28 (Neu): add phpmyadmin sample config
https://wiki.phpmyadmin.net/pma/Auth_types
* auth_type signon looks promising
** use e.g. mod_auth_radius for aut...
The 2nd
14:35 Feature #27 (Neu): add sample config for mysql using pam_radius
http://dev.mysql.com/doc/refman/5.5/en/pam-authentication-plugin.html The 2nd
14:32 Feature #26 (Neu): add sample config for openvpn authentication
- use radius to pass credentials to OTPme?
- openvpn plugin exists but unmaintained?
- writing a auth script should...
The 2nd
00:20 Feature #24 (Erledigt): add bash completion for OTPme commands
The 2nd

23 January 2015

23:28 Feature #25 (In Bearbeitung): add "force token type" to groups
we should be able to force specific token types per group to prevent an admin from adding a token with the wrong type... The 2nd
18:33 Feature #24 (Erledigt): add bash completion for OTPme commands
command completion is a must for cool projects ;) The 2nd
00:01 Feature #18: add user authorization script
need to implement per user authorization script.... The 2nd

22 January 2015

22:12 Feature #23 (Erledigt): modify log_passwords feature for logging of all auth infos (e.g. challenge/response)
The 2nd
19:59 Feature #23 (Erledigt): modify log_passwords feature for logging of all auth infos (e.g. challenge/response)
valid auth info variables:
- password
- otp
- trust password
- otp that was used to generate the trust password
...
The 2nd
19:39 Feature #17: add token type that will call an external script for user authentication
implemented but needs testing and docu... The 2nd

21 January 2015

23:58 Feature #22 (Erledigt): add option to force CTP usage
- per client
- and per group?
The 2nd
23:40 otpme-0.1-beta1.tgz
The 2nd

19 January 2015

21:34 Fehler #21 (Erledigt): under some circumstances not all child sessions get created
The 2nd
21:33 Fehler #21 (Erledigt): under some circumstances not all child sessions get created
there is a wrong use of "break loop" instead of "continue" in Session().create_child_sessions() The 2nd

18 January 2015

13:38 Feature #20 (Erledigt): add --version
The 2nd
02:10 Feature #20 (Erledigt): add --version
OTPme should know it's own version ;) The 2nd
01:53 Feature #19 (Erledigt): following logout requests should not be counted as failed login
logout requests should not count up failcount!
but we cannot detect them for requests if there exists no session (be...
The 2nd
01:49 Fehler #16 (Erledigt): OTPme should handle missing config file parameters
The 2nd
01:27 Feature #18 (Erledigt): add user authorization script
* pass variables to script
** request type
** username
** password, challenge/response and/or password hash? make ...
The 2nd
01:22 Feature #17 (Erledigt): add token type that will call an external script for user authentication
* pass variables to script
** request type? or should we add two scripts (clear-text and ntlm)?
** username
** pas...
The 2nd
00:34 Fehler #8 (Erledigt): make sure there is only one session master in parent > child tree
The 2nd
00:31 Feature #11 (Erledigt): add min_len, max_len and default_len for static password tokens
The 2nd

17 January 2015

14:47 Fehler #16 (Erledigt): OTPme should handle missing config file parameters
- missing mandatory options should raise an exception
- missing non-mandatory options should lead to using a default...
The 2nd

16 January 2015

15:02 Feature #12 (Erledigt): add sort feature to show_sessions()
The 2nd
01:11 Feature #13 (Erledigt): sessions should be grouped by parent/child relation in show_sessions()
The 2nd
00:03 Fehler #15 (Erledigt): find_free_uuid() does not check session uuids
The 2nd
00:00 Fehler #15 (Erledigt): find_free_uuid() does not check session uuids
find_free_uuid() does not verify if the new generated uuid is used by a session which may lead to duplicate uuids The 2nd

15 January 2015

21:52 Fehler #14 (Erledigt): adding child group or session does not work if child group name is a part of parent group name
The 2nd
20:30 Fehler #14 (Gelöst): adding child group or session does not work if child group name is a part of parent group name
The 2nd
20:25 Fehler #14 (Erledigt): adding child group or session does not work if child group name is a part of parent group name

example:
# otpme-group add_child webmail mail
Cannot add a group as child group of itself.
Cannot add a group as...
The 2nd

14 January 2015

18:26 Feature #2: add auto-disable option for users
disabling user, token etc. should also be possible after being unused for a give time, just like with sessions. The 2nd
18:16 Feature #5: child sessions should not inherit timeout values
maybe we should also add an per access group option to "push" timeout values to child sessions? The 2nd
18:14 Feature #13 (Erledigt): sessions should be grouped by parent/child relation in show_sessions()
- parent session on top
- child sessions sorted by sort feature (see parent task)
The 2nd
18:12 Feature #12 (Erledigt): add sort feature to show_sessions()
by default newest sessions should be on top of list The 2nd
18:09 Feature #11 (Erledigt): add min_len, max_len and default_len for static password tokens

min_len -> password shorter than min_len cannot be set and will be rejected before checking (for clear-text request...
The 2nd
18:04 Feature #10 (Erledigt): implement otpme-token show
otpme-token should be able to list all tokens or by user or by group!? The 2nd
18:01 Feature #9 (In Bearbeitung): add -f option to disable any user question for cli tools
cli tools should have a force (-f) option to disable user confirmation (needed for scripts) The 2nd
17:59 Fehler #8 (Erledigt): make sure there is only one session master in parent > child tree
modification needed in:
- add_child_session()
- enable_session_master()
The 2nd
17:57 Feature #7 (Abgewiesen): add ability to move a token from one user to another
- remove token UUID from current user token list
- change owner of token
- add token UUID to new user token list
The 2nd
17:34 Feature #6 (Erledigt): add max_sessions feature to access groups
The 2nd
17:34 Feature #6 (Erledigt): add max_sessions feature to access groups
it should be possible to configure max concurrent OTP-Sessions per access group. this could be used for e.g. roundcub... The 2nd

13 January 2015

22:23 Feature #3 (Erledigt): add optional powered-by logo to roundcube plugin
added logo with link to http://www.otpme.org/ The 2nd

11 January 2015

22:42 Feature #5 (Erledigt): child sessions should not inherit timeout values
using separate timeout values for child sessions is a good idea. currently child sessions inherit timeout values from... The 2nd
18:44 Feature #4 (Neu): add motp offset
currently this is an undocumented (incomplete) feature and offset is in 10 second timestep.
- offset should be giv...
The 2nd
18:32 Feature #3 (Erledigt): add optional powered-by logo to roundcube plugin
- add config option
- add large and small logos in white and black
The 2nd
18:27 Feature #2 (In Bearbeitung): add auto-disable option for users
add an option to automatically disable user (also for groups and tokens? and for user/group relation?)
- after a giv...
The 2nd
18:22 Fehler #1 (Erledigt): missing AUTH_OK_OTP message for ntlm verfication
The 2nd
18:10 Fehler #1 (Erledigt): missing AUTH_OK_OTP message for ntlm verfication

doing ntlm verification with otpme-auth the second-last line is missing AUTH_OK_OTP
# otpme-auth -d verify_ntlm ...
The 2nd
14:38 OTPme 0.1-beta1 release
OTPme 0.1-beta1 is the first public release of OTPme available for "download":https://www.otpme.org/redmine/projects/... The 2nd
 

Also available in: Atom