OTPme: Issues
https://www.otpme.org/redmine/
2015-02-03T18:08:16Z
OTPme
Redmine

Feature #38 (Closed): add support for push-token (e.g. sms)
https://www.otpme.org/redmine/issues/38
2015-02-03T18:08:16Z
The 2nd
there should be a token type, with a static password, that will generate an OTP for the user and send it via SMS.
<ul>
<li>instead of sending the OTP it should be passed to an external script for delivery</li>
<li>it should be possible to add a phone number to the token which will be passed to the delivery script</li>
</ul>

Feature #33 (Closed): implement module to be used with freeradius rlm_python
https://www.otpme.org/redmine/issues/33
2015-01-25T18:18:30Z
The 2nd
<p>using a python module should perform better than calling otpme as a script via "exec" module.</p>
<p>there are examples available:<br /><a class="external" href="https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_python/example.py">https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_python/example.py</a><br /><a class="external" href="https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_python/prepaid.py">https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_python/prepaid.py</a></p>

Feature #32 (Closed): add sample config for openldap
https://www.otpme.org/redmine/issues/32
2015-01-25T00:07:42Z
The 2nd
slapd can authenticate users via saslauthd.
<ul>
<li>user password needs to be set to "{SASL}username" (e.g. {SASL}joe)</li>
</ul>
there is also a request to add a feature for this to <a class="external" href="http://lam.sf.net">http://lam.sf.net</a> which should be added to the documentation
<ul>
<li><a class="external" href="http://sourceforge.net/p/lam/mailman/message/33229522/">http://sourceforge.net/p/lam/mailman/message/33229522/</a></li>
</ul>

Feature #31 (Closed): child sessions should be identifiable via "otpme-session show"
https://www.otpme.org/redmine/issues/31
2015-01-24T19:18:26Z
The 2nd
<ul>
<li>indent child session names</li>
<li>mark parent session ids with a trailing asterisk</li>
</ul>

Feature #30 (Closed): add option to configure hash type for CTP and SLP generation
https://www.otpme.org/redmine/issues/30
2015-01-24T14:56:50Z
The 2nd
this should improve protection against dictionary attacks if someone was able to keylog/sniff both the OTP and the CTP
<ul>
<li>we should split e.g. a 128 char hash into four 32 char strings and choose a random one for CTP/SLP creation
<ul>
<li>this should be configurable per client because some clients may not support any hash type (e.g. sha512)</li>
</ul></li>
</ul>

Feature #24 (Closed): add bash completion for OTPme commands
https://www.otpme.org/redmine/issues/24
2015-01-23T17:33:47Z
The 2nd
<p>command completion is a must for cool projects ;)</p>

Feature #23 (Closed): modify log_passwords feature for logging of all auth infos (e.g. challeng...
https://www.otpme.org/redmine/issues/23
2015-01-22T18:59:05Z
The 2nd
<p>valid auth info variables:<br />- password<br />- otp<br />- trust password<br />- otp that was used to generate the trust password<br />- ntlm challenge<br />- ntlm response<br />- nt_key</p>

Feature #22 (Closed): add option to force CTP usage
https://www.otpme.org/redmine/issues/22
2015-01-21T22:58:11Z
The 2nd
<p>- per client<br />- and per group?</p>

Feature #19 (Closed): following logout requests should not be counted as failed login
https://www.otpme.org/redmine/issues/19
2015-01-18T00:53:47Z
The 2nd
<p>logout requests should not count up failcount!<br />but we cannot detect them for requests if there exists no session (because logout was already done) from which we can get the pass_hash from.<br />adding a list of already used logout passwords can fix this. but they should expire after some time. (after an unused time of the logout password)</p>

Feature #18 (Closed): add user authorization script
https://www.otpme.org/redmine/issues/18
2015-01-18T00:27:51Z
The 2nd
<ul>
<li>pass variables to script
<ul>
<li>request type</li>
<li>username</li>
<li>password, challenge/response and/or password hash? make this optional?</li>
<li>client</li>
<li>client_ip</li>
<li>access_group</li>
<li>token that authenticated the user
<ul>
<li>token type</li>
</ul>
</li>
</ul>
</li>
<li>script exit code 0=Accept, 1=Reject</li>
</ul>

Feature #17 (Closed): add token type that will call an external script for user authentication
https://www.otpme.org/redmine/issues/17
2015-01-18T00:22:33Z
The 2nd
<ul>
<li>pass variables to script
<ul>
<li>request type? or should we add two scripts (clear-text and ntlm)?</li>
<li>username</li>
<li>password or challenge/response</li>
<li>client</li>
<li>client_ip</li>
<li>access_group</li>
</ul>
</li>
<li>script exit code 0=Accept, 1=Reject</li>
</ul>

Bug #16 (Closed): OTPme should handle missing config file parameters
https://www.otpme.org/redmine/issues/16
2015-01-17T13:47:25Z
The 2nd
<p>- missing mandatory options should raise an exception<br />- missing non-mandatory options should lead to using a default and log a warning</p>

Feature #13 (Closed): sessions should be grouped by parent/child relation in show_sessions()
https://www.otpme.org/redmine/issues/13
2015-01-14T17:14:15Z
The 2nd
<p>- parent session on top<br />- child sessions sorted by sort feature (see parent task)</p>

Feature #12 (Closed): add sort feature to show_sessions()
https://www.otpme.org/redmine/issues/12
2015-01-14T17:12:00Z
The 2nd
<p>by default newest sessions should be on top of list</p>

Bug #8 (Closed): make sure there is only one session master in parent > child tree
https://www.otpme.org/redmine/issues/8
2015-01-14T16:59:34Z
The 2nd
<p>modification needed in:</p>
<p>- add_child_session()<br />- enable_session_master()</p>