OTPme

08 February 2015

17:22 Fehler #40 (Erledigt): disable clients does not work

The 2nd

16:04 Fehler #40 (Erledigt): disable clients does not work

all 0.1 beta an -rc releases misses this feature. will be fixed soon. The 2nd

16:14 Feature #41 (In Bearbeitung): Add daemon mode to OTPme

we need this for many features including cluster support. The 2nd

06 February 2015

21:46 Feature #38 (Erledigt): add support for push-token (e.g. sms)

The 2nd

03 February 2015

21:43 Feature #22 (Erledigt): add option to force CTP usage

The 2nd

19:24 Feature #39 (Neu): add cluster support to OTPme

it should be possible to cluster OTPme (failover and load balancing). using a concept similar to ganeti would be grea... The 2nd

19:08 Feature #38 (Erledigt): add support for push-token (e.g. sms)

there should be a token type, with a static password, that will generate an OTP for the user and send it via SMS.
* ... The 2nd

02 February 2015

21:34 Feature #37 (Neu): implement support for different hash types for CTP generation in roundcube plugin

the roundcube plugin should support different hash types for CTP generation which was added to OTPme (see parent ticket) The 2nd

21:01 Feature #19 (Erledigt): following logout requests should not be counted as failed login

The 2nd

18:37 Feature #18 (Erledigt): add user authorization script

added documentation to the wiki The 2nd

18:37 Feature #17 (Erledigt): add token type that will call an external script for user authentication

added documentation to the wiki The 2nd

17:59 Feature #30 (Erledigt): add option to configure hash type for CTP and SLP generation

The 2nd

17:58 Feature #30 (Gelöst): add option to configure hash type for CTP and SLP generation

The 2nd

17:58 Feature #30: add option to configure hash type for CTP and SLP generation

implemented for CTPs now. SLP is less important but may follow later... The 2nd

01 February 2015

20:54 Fehler #36 (Erledigt): setting group max_fail should disable locking

The 2nd

20:43 Fehler #36 (Erledigt): setting group max_fail should disable locking

current behavior: when max_fail is set to 0 users are always locked for this group
desired behavior: when max_fail i... The 2nd

20:40 Fehler #35 (Erledigt): session timeout pass on is not done recursive

The 2nd

20:22 Fehler #35: session timeout pass on is not done recursive

setting timeout to "0" should result in using default timeout values from main config The 2nd

20:20 Fehler #35 (Erledigt): session timeout pass on is not done recursive

session timeouts are only passed on to direct child sessions and not recursive. The 2nd

00:50 Feature #32 (Erledigt): add sample config for openldap

The 2nd

31 January 2015

22:15 Fehler #34 (Erledigt): setting user description does not work

The 2nd

22:14 Fehler #34 (Erledigt): setting user description does not work

otpme-user description admin "admin"
NameError: name 'get_val' is not defined
The 2nd

30 January 2015

20:04 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python

The 2nd

28 January 2015

20:45 Feature #33 (In Bearbeitung): implement module to be used with freeradius rlm_python

The 2nd

18:52 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python

The 2nd

19:01 Feature #9: add -f option to disable any user question for cli tools

The 2nd wrote:
> cli tools should have a force (-f) option to disable user confirmation (needed for scripts)
this... The 2nd

25 January 2015

20:38 Feature #33: implement module to be used with freeradius rlm_python

this is now implemented for clear-text requests. ntlm/mschap request handling will follow until i got an answer from ... The 2nd

19:18 Feature #33 (Erledigt): implement module to be used with freeradius rlm_python

using a python module should perform better than calling otpme as a script via "exec" modul.
there are examples av... The 2nd

01:07 Feature #32 (Erledigt): add sample config for openldap

slapd can authenticate users via saslauthd.
* user password needs to be set to "{SASL}username" (e.g. {SASL}joe)
... The 2nd

00:53 Feature #18: add user authorization script

need documentation The 2nd

24 January 2015

20:18 Feature #31 (Erledigt): child sessions should be identifiable via "otpme-session show"

* indent child session names
* mark parent session ids with a tailing asterisk The 2nd

19:02 Feature #5 (Erledigt): child sessions should not inherit timeout values

The 2nd

15:56 Feature #30 (Erledigt): add option to configure hash type for CTP and SLP generation

this should improve protection against dictionary attacks if someone was able to keylogg/sniff both, the OTP and the ... The 2nd

14:51 Feature #10 (Erledigt): implement otpme-token show

The 2nd

14:49 Feature #29 (Neu): add support for mod_auth_pubtkt

see https://neon1.net/mod_auth_pubtkt/ for infos
* generate login page with python?
** add support for CTP and ... The 2nd

14:46 Feature #28 (Neu): add phpmyadmin sample config

https://wiki.phpmyadmin.net/pma/Auth_types
* auth_type signon looks promising
** use e.g. mod_auth_radius for aut... The 2nd

14:35 Feature #27 (Neu): add sample config for mysql using pam_radius

http://dev.mysql.com/doc/refman/5.5/en/pam-authentication-plugin.html The 2nd

14:32 Feature #26 (Neu): add sample config for openvpn authentication

- use radius to pass credentials to OTPme?
- openvpn plugin exists but unmaintained?
- writing a auth script should... The 2nd

00:20 Feature #24 (Erledigt): add bash completion for OTPme commands

The 2nd

23 January 2015

23:28 Feature #25 (In Bearbeitung): add "force token type" to groups

we should be able to force specific token types per group to prevent an admin from adding a token with the wrong type... The 2nd

18:33 Feature #24 (Erledigt): add bash completion for OTPme commands

command completion is a must for cool projects ;) The 2nd

00:01 Feature #18: add user authorization script

need to implement per user authorization script.... The 2nd

22 January 2015

22:12 Feature #23 (Erledigt): modify log_passwords feature for logging of all auth infos (e.g. challenge/response)

The 2nd

19:59 Feature #23 (Erledigt): modify log_passwords feature for logging of all auth infos (e.g. challenge/response)

valid auth info variables:
- password
- otp
- trust password
- otp that was used to generate the trust password
... The 2nd

19:39 Feature #17: add token type that will call an external script for user authentication

implemented but needs testing and docu... The 2nd

21 January 2015

23:58 Feature #22 (Erledigt): add option to force CTP usage

- per client
- and per group? The 2nd

19 January 2015

21:34 Fehler #21 (Erledigt): under some circumstances not all child sessions get created

The 2nd

21:33 Fehler #21 (Erledigt): under some circumstances not all child sessions get created

there is a wrong use of "break loop" instead of "continue" in Session().create_child_sessions() The 2nd

18 January 2015

13:38 Feature #20 (Erledigt): add --version

The 2nd

02:10 Feature #20 (Erledigt): add --version

OTPme should know it's own version ;) The 2nd

01:53 Feature #19 (Erledigt): following logout requests should not be counted as failed login

logout requests should not count up failcount!
but we cannot detect them for requests if there exists no session (be... The 2nd

01:49 Fehler #16 (Erledigt): OTPme should handle missing config file parameters

The 2nd

01:27 Feature #18 (Erledigt): add user authorization script

* pass variables to script
** request type
** username
** password, challenge/response and/or password hash? make ... The 2nd

01:22 Feature #17 (Erledigt): add token type that will call an external script for user authentication

* pass variables to script
** request type? or should we add two scripts (clear-text and ntlm)?
** username
** pas... The 2nd

00:34 Fehler #8 (Erledigt): make sure there is only one session master in parent > child tree

The 2nd

00:31 Feature #11 (Erledigt): add min_len, max_len and default_len for static password tokens

The 2nd

17 January 2015

14:47 Fehler #16 (Erledigt): OTPme should handle missing config file parameters

- missing mandatory options should raise an exception
- missing non-mandatory options should lead to using a default... The 2nd

16 January 2015

15:02 Feature #12 (Erledigt): add sort feature to show_sessions()

The 2nd

01:11 Feature #13 (Erledigt): sessions should be grouped by parent/child relation in show_sessions()

The 2nd

00:03 Fehler #15 (Erledigt): find_free_uuid() does not check session uuids

The 2nd

00:00 Fehler #15 (Erledigt): find_free_uuid() does not check session uuids

find_free_uuid() does not verify if the new generated uuid is used by a session which may lead to duplicate uuids The 2nd

15 January 2015

21:52 Fehler #14 (Erledigt): adding child group or session does not work if child group name is a part of parent group name

The 2nd

20:30 Fehler #14 (Gelöst): adding child group or session does not work if child group name is a part of parent group name

The 2nd

20:25 Fehler #14 (Erledigt): adding child group or session does not work if child group name is a part of parent group name

example:
# otpme-group add_child webmail mail
Cannot add a group as child group of itself.
Cannot add a group as... The 2nd