OTPme: Issueshttps://www.otpme.org/redmine/https://www.otpme.org/redmine/redmine/favicon.ico?16699090422018-08-07T12:30:51ZOTPme
Redmine Feature #79 (Neu): Implement load balancinghttps://www.otpme.org/redmine/issues/792018-08-07T12:30:51ZThe 2nd
<ul>
<li>Authentication requests should be handled by all nodes
<ul>
<li>We need to sync data between nodes
<ul>
<li>Sessions
<ul>
<li>New and deleted ones</li>
</ul>
</li>
<li>Used OTPs </li>
</ul>
</li>
</ul>
</li>
<li>Management (e.g. add user) should only be handled by the master node</li>
</ul> Feature #78 (Neu): Implement master node failoverhttps://www.otpme.org/redmine/issues/782018-08-07T12:28:00ZThe 2nd
<ul>
<li>The master node owns the virtual cluster IP</li>
<li>All nodes should send/receive heartbeat messages to detect if a node goes down</li>
<li>The master node failover should happen automatically
<ul>
<li>How to detect which cluster part has quorum?</li>
</ul>
</li>
<li>A manual master node failover should be possible (e.g. for maintenance)</li>
</ul> Feature #76 (Neu): Implement REST APIhttps://www.otpme.org/redmine/issues/762017-02-05T11:01:05ZThe 2nd
<ul>
<li>OTPme should support authentication via REST API</li>
<li>At a later state this could also be used for communication with our webinterface</li>
</ul> Feature #73 (Neu): Extend the current integrated CA to a full blown CAhttps://www.otpme.org/redmine/issues/732016-05-07T18:10:52ZThe 2nd
<ul>
<li>we should support initializing the realm with an external certificate
<ul>
<li>support for generating a CSR should be implemented within the OTPme commands</li>
</ul>
</li>
<li>we should add some kind of templates (e.g. ClientCert, ServerCert etc.) to make certificate creation easier</li>
<li>CSR handling needs to be implemented</li>
<li>add certficate deployment and renew within the realm as optional feature</li>
</ul> Feature #52 (Neu): add support for yubikey in HMAC-SHA1 modehttps://www.otpme.org/redmine/issues/522015-08-30T13:57:50ZThe 2nd
<ul>
<li>OTPme should support authentication/login with a yubikey in HMAC-SHA1 mode
<ul>
<li><a class="external" href="https://github.com/Yubico/python-yubico">https://github.com/Yubico/python-yubico</a></li>
</ul>
</li>
<li>offline logins using pam_otpme should be supported</li>
</ul> Feature #50 (Neu): add support for offline tokenshttps://www.otpme.org/redmine/issues/502015-07-05T11:25:37ZThe 2nd
<p>a token should be markable as being allowed to be used for offline logins.</p>
<ul>
<li>to improve security against offline attacks (e.g. a stolen notebook) tokens should only be saved encrypted</li>
<li>another idea would be to use another (offline) secret when doing offline logins.
* this requires special support within the used softtoken or can be accomplished by using a second (offline) profile</li>
</ul> Feature #39 (Neu): add cluster support to OTPmehttps://www.otpme.org/redmine/issues/392015-02-03T18:24:12ZThe 2nd
it should be possible to cluster OTPme (failover and load balancing). using a concept similar to ganeti would be great.
<ul>
<li>add a cluster master that owns the cluster IP
<ul>
<li>always connect to cluster IP when changing cluster config</li>
<li>automatic master failover should be possible
<ul>
<li>how to handle two-node clusters? (no quorum?)<br />... to be continued ;)</li>
</ul></li>
</ul></li>
</ul> Feature #37 (Neu): implement support for different hash types for CTP generation in roundcube pluginhttps://www.otpme.org/redmine/issues/372015-02-02T20:34:37ZThe 2nd
<p>the roundcube plugin should support different hash types for CTP generation which was added to OTPme (see parent ticket)</p> Feature #29 (Neu): add support for mod_auth_pubtkthttps://www.otpme.org/redmine/issues/292015-01-24T13:49:59ZThe 2nd
<p>see <a class="external" href="https://neon1.net/mod_auth_pubtkt/">https://neon1.net/mod_auth_pubtkt/</a> for infos</p>
<ul>
<li>generate login page with python?
<ul>
<li>add support for CTP and SLP</li>
<li>implement plugin system to add SSO support for different third party software
<ul>
<li>roundcube</li>
<li>otrs</li>
<li>redmine</li>
<li>phpmyadmin</li>
<li>zarafa</li>
<li>.....</li>
</ul></li>
</ul></li>
</ul> Feature #28 (Neu): add phpmyadmin sample confighttps://www.otpme.org/redmine/issues/282015-01-24T13:46:28ZThe 2nd
<p><a class="external" href="https://wiki.phpmyadmin.net/pma/Auth_types">https://wiki.phpmyadmin.net/pma/Auth_types</a></p>
<ul>
<li>auth_type signon looks promising
<ul>
<li>use e.g. mod_auth_radius for authentication</li>
</ul></li>
</ul>
<ul>
<li>maybe we can add CTP support?</li>
</ul> Feature #27 (Neu): add sample config for mysql using pam_radiushttps://www.otpme.org/redmine/issues/272015-01-24T13:35:30ZThe 2nd
<p><a class="external" href="http://dev.mysql.com/doc/refman/5.5/en/pam-authentication-plugin.html">http://dev.mysql.com/doc/refman/5.5/en/pam-authentication-plugin.html</a></p> Feature #26 (Neu): add sample config for openvpn authenticationhttps://www.otpme.org/redmine/issues/262015-01-24T13:32:45ZThe 2nd
<p>- use radius to pass credentials to OTPme?<br />- openvpn plugin exists but unmaintained?<br />- writing a auth script should be easy!</p> Feature #4 (Neu): add motp offsethttps://www.otpme.org/redmine/issues/42015-01-11T17:44:13ZThe 2nd
<p>currently this is an undocumented (incomplete) feature and offset is in 10 second timestep.</p>
<p>- offset should be given in minutes<br />- should we show offset in token overview? do other otp token types also have an offset?</p>