OTPme: Issues | https://www.otpme.org/redmine/ | 2018-08-07T12:30:51Z
Feature #79 (New): Implement load balancing | https://www.otpme.org/redmine/issues/79 | 2018-08-07T12:30:51Z | The 2nd
<ul>
<li>Authentication requests should be handled by all nodes
<ul>
<li>We need to sync data between nodes
<ul>
<li>Sessions
<ul>
<li>New and deleted ones</li>
</ul>
</li>
<li>Used OTPs </li>
</ul>
</li>
</ul>
</li>
<li>Management (e.g. add user) should only be handled by the master node</li>
</ul>
Feature #78 (New): Implement master node failover | https://www.otpme.org/redmine/issues/78 | 2018-08-07T12:28:00Z | The 2nd
<ul>
<li>The master node owns the virtual cluster IP</li>
<li>All nodes should send/receive heartbeat messages to detect if a node goes down</li>
<li>The master node failover should happen automatically
<ul>
<li>How to detect which cluster part has quorum?</li>
</ul>
</li>
<li>A manual master node failover should be possible (e.g. for maintenance)</li>
</ul>
Bug #77 (New): Improve multiprocessing shared object usage in OTPme backend. | https://www.otpme.org/redmine/issues/77 | 2017-02-05T13:23:29Z | The 2nd
<ul>
<li>Currently we use more shared objects (list(), dict() etc.) than we should because of a bug in Python's multiprocessing module
<ul>
<li><a class="external" href="https://bugs.python.org/issue6766">https://bugs.python.org/issue6766</a></li>
</ul>
</li>
<li>As soon as we can use a shared DOD (dict of dicts) we can reduce the number of shared objects used in the backend (e.g. merge the sync list checksum cache with the global checksum cache)
<ul>
<li><a class="external" href="https://bugs.python.org/msg98548">https://bugs.python.org/msg98548</a></li>
</ul>
</li>
</ul>
Feature #76 (New): Implement REST API | https://www.otpme.org/redmine/issues/76 | 2017-02-05T11:01:05Z | The 2nd
<ul>
<li>OTPme should support authentication via REST API</li>
<li>At a later stage this could also be used for communication with our web interface</li>
</ul>
Feature #75 (In progress): Add search index | https://www.otpme.org/redmine/issues/75 | 2017-01-21T00:52:41Z | The 2nd
<ul>
<li>We need a fast index to search objects by attribute and ACL</li>
<li>Use SQLAlchemy to be independent of the RDBMS</li>
</ul>
Feature #74 (In progress): Implement signature tags | https://www.otpme.org/redmine/issues/74 | 2016-12-27T22:26:05Z | The 2nd
<ul>
<li>We should support signatures with different tags (e.g. dev-server)</li>
<li>When specifying valid signers (e.g. AUTH_SCRIPT_SIGNERS) it should be possible to specify sign tags</li>
</ul>
Feature #73 (New): Extend the current integrated CA to a full blown CA | https://www.otpme.org/redmine/issues/73 | 2016-05-07T18:10:52Z | The 2nd
<ul>
<li>We should support initializing the realm with an external certificate
<ul>
<li>Support for generating a CSR should be implemented within the OTPme commands</li>
</ul>
</li>
<li>We should add some kind of templates (e.g. ClientCert, ServerCert etc.) to make certificate creation easier</li>
<li>CSR handling needs to be implemented</li>
<li>Add certificate deployment and renewal within the realm as an optional feature</li>
</ul>
Feature #72 (In progress): Allow LDAP authentication to different accessgroups | https://www.otpme.org/redmine/issues/72 | 2016-04-15T21:42:34Z | The 2nd
<p>The current implementation allows the OTPme client name to be specified as a DC, e.g. dc=otrs,dc=domain,dc=intern, where "otrs" is the client name. This way we can differentiate between different accessgroups, each with all its features.</p>
Feature #71 (In progress): Add policy to restrict login times | https://www.otpme.org/redmine/issues/71 | 2016-04-10T20:12:22Z | The 2nd
<ul>
<li>We may use the crontab syntax to define valid login times</li>
<li>It should be possible to add this policy type to users, tokens, roles, groups etc.</li>
</ul>
Feature #70 (In progress): Implement argon2 support for AES key derivation | https://www.otpme.org/redmine/issues/70 | 2015-12-31T19:08:34Z | The 2nd
<ul>
<li><a class="external" href="https://password-hashing.net/">https://password-hashing.net/</a></li>
<li><a class="external" href="https://pypi.python.org/pypi/argon2">https://pypi.python.org/pypi/argon2</a></li>
</ul>
Feature #69 (In progress): Add support for user/group resolving via libnss | https://www.otpme.org/redmine/issues/69 | 2015-12-30T02:02:45Z | The 2nd
<ul>
<li>To make OTPme users/groups available as Linux system users we should support libnss</li>
<li>The current implementation uses libnss-cache (<a class="external" href="https://github.com/google/nsscache">https://github.com/google/nsscache</a>), which is easy to use from within Python</li>
</ul>
Feature #50 (New): add support for offline tokens | https://www.otpme.org/redmine/issues/50 | 2015-07-05T11:25:37Z | The 2nd
<p>It should be possible to mark a token as allowed for offline logins.</p>
<ul>
<li>To improve security against offline attacks (e.g. a stolen notebook) tokens should only be saved encrypted</li>
<li>Another idea would be to use another (offline) secret when doing offline logins.
<ul>
<li>This requires special support within the used softtoken or can be accomplished by using a second (offline) profile</li>
</ul>
</li>
</ul>
Feature #48 (In progress): add ldap server support | https://www.otpme.org/redmine/issues/48 | 2015-07-05T11:12:57Z | The 2nd
<p>OTPme should support LDAP as an access protocol to its users, groups etc.</p>
<ul>
<li>Add LDAP support for different object classes as extensions</li>
<li>Add support for units (ou)</li>
<li>Add group support (memberUid)</li>
<li>...</li>
</ul>
Feature #47 (In progress): add support for a second factor token (e.g. HOTP) to add some addit... | https://www.otpme.org/redmine/issues/47 | 2015-07-04T01:07:55Z | The 2nd
<p>It should be possible to combine an ssh-token with another token (e.g. HOTP) to require an OTP in addition to the SSH private key for login.</p>
Feature #46 (In progress): add ssh-token support for authentication with OTPme daemons | https://www.otpme.org/redmine/issues/46 | 2015-07-04T01:01:57Z | The 2nd
<p>This feature is implemented using an SSH token that holds the public key of the user. OTPme command-line tools use a running ssh-agent/gpg-agent to authenticate against OTPme daemons.</p>