OTPme: Issueshttps://www.otpme.org/redmine/https://www.otpme.org/redmine/redmine/favicon.ico?16699090422018-08-07T12:30:51ZOTPme
Redmine Feature #79 (Neu): Implement load balancinghttps://www.otpme.org/redmine/issues/792018-08-07T12:30:51ZThe 2nd
<ul>
<li>Authentication requests should be handled by all nodes
<ul>
<li>We need to sync data between nodes
<ul>
<li>Sessions
<ul>
<li>New and deleted ones</li>
</ul>
</li>
<li>Used OTPs </li>
</ul>
</li>
</ul>
</li>
<li>Management (e.g. add user) should only be handled by the master node</li>
</ul> Feature #78 (Neu): Implement master node failoverhttps://www.otpme.org/redmine/issues/782018-08-07T12:28:00ZThe 2nd
<ul>
<li>The master node owns the virtual cluster IP</li>
<li>All nodes should send/receive heartbeat messages to detect if a node goes down</li>
<li>The master node failover should happen automatically
<ul>
<li>How to detect which cluster part has quorum?</li>
</ul>
</li>
<li>A manual master node failover should be possible (e.g. for maintenance)</li>
</ul> Feature #74 (In Bearbeitung): Implement signature tagshttps://www.otpme.org/redmine/issues/742016-12-27T22:26:05ZThe 2nd
<ul>
<li>we should support signatures with different tags (e.g. dev-server)</li>
<li>when specifying valid signers (e.g. AUTH_SCRIPT_SIGNERS) it should be possible to specify sign tags</li>
</ul> Feature #65 (In Bearbeitung): implement revoking of script signatureshttps://www.otpme.org/redmine/issues/652015-12-13T13:33:30ZThe 2nd
<ul>
<li>It should be possible to revoke a script signature to invalidate a script</li>
</ul> Feature #63 (In Bearbeitung): Implement token authorization scripthttps://www.otpme.org/redmine/issues/632015-11-23T21:42:44ZThe 2nd
<ul>
<li>The script will be called by the OTPme daemons after successful authentication of the user/token</li>
<li>We should pass some variables (e.g. username, password) to it</li>
<li>If the exit code of the script is not 0 authentication should fail</li>
</ul> Feature #61 (In Bearbeitung): Implement login scripthttps://www.otpme.org/redmine/issues/612015-11-23T21:38:47ZThe 2nd
<ul>
<li>The script will be called by pam_otpme after successful authentication</li>
<li>We should pass some variables to it (e.g. online/offline status)</li>
</ul> Feature #59 (In Bearbeitung): Add header to encrypted attributeshttps://www.otpme.org/redmine/issues/592015-10-19T18:28:02ZThe 2nd
<p>To be able to change encryption types in the future we should add some header with the used encryption type/mode to each encrypted value.</p> Feature #58 (In Bearbeitung): Implement preloading of objectshttps://www.otpme.org/redmine/issues/582015-10-12T22:28:32ZThe 2nd
<p>To speed up first run of commands after daemon startup there should be an option to instruct OTPme daemons to pre load some or all objects (e.g. users) into memory.</p> Feature #57 (In Bearbeitung): Implement signing of OTPme scriptshttps://www.otpme.org/redmine/issues/572015-10-01T22:47:45ZThe 2nd
<p>It should be possible to sign OTPme scripts and allow only execution of signed scripts.</p> Feature #56 (In Bearbeitung): Implement OTPme scriptshttps://www.otpme.org/redmine/issues/562015-10-01T22:45:56ZThe 2nd
<p>It should be possible to add script objects to OTPme (e.g. a script to start gpg-agent) that should be synced to any realm member.</p> Feature #55 (In Bearbeitung): Add support to replace a tokenhttps://www.otpme.org/redmine/issues/552015-09-18T13:15:24ZThe 2nd
<p>It should be possible to replace a token by another one (e.g. replace MOTP token by a HOTP token). This is useful because the new token will be in the same groups, roles etc. as the old one.</p> Feature #54 (In Bearbeitung): add ACL support for OTPme objects (e.g. users, tokens, groups etc.)https://www.otpme.org/redmine/issues/542015-08-30T14:04:32ZThe 2nd
<ul>
<li>it should be possible to assign ACLs to objects to grant permissions (e.g. enable/disable token)</li>
<li>objects should inherit ACLs from parent objects (e.g. unit->user, user->token)</li>
</ul> Feature #53 (In Bearbeitung): implement hardware token/smartcard deploymenthttps://www.otpme.org/redmine/issues/532015-08-30T14:00:34ZThe 2nd
<ul>
<li>it should be possible to deploy hardware tokens (e.g. yubikey) with OTPme command line tools
<ul>
<li>deployment of new and existing tokens should be supported</li>
</ul></li>
</ul> Feature #41 (In Bearbeitung): Add daemon mode to OTPmehttps://www.otpme.org/redmine/issues/412015-02-08T15:14:49ZThe 2nd
<p>we need this for many features including cluster support.</p> Feature #39 (Neu): add cluster support to OTPmehttps://www.otpme.org/redmine/issues/392015-02-03T18:24:12ZThe 2nd
it should be possible to cluster OTPme (failover and load balancing). using a concept similar to ganeti would be great.
<ul>
<li>add a cluster master that owns the cluster IP
<ul>
<li>always connect to cluster IP when changing cluster config</li>
<li>automatic master failover should be possible
<ul>
<li>how to handle two-node clusters? (no quorum?)<br />... to be continued ;)</li>
</ul></li>
</ul></li>
</ul>