OTPme: Issues
https://www.otpme.org/redmine/ (2018-08-07T12:30:51Z, OTPme)

Feature #79 (New): Implement load balancing
https://www.otpme.org/redmine/issues/79 (2018-08-07T12:30:51Z, The 2nd)
<ul>
<li>Authentication requests should be handled by all nodes
<ul>
<li>We need to sync data between nodes
<ul>
<li>Sessions
<ul>
<li>New and deleted ones</li>
</ul>
</li>
<li>Used OTPs </li>
</ul>
</li>
</ul>
</li>
<li>Management (e.g. add user) should only be handled by the master node</li>
</ul>
Feature #78 (New): Implement master node failover
https://www.otpme.org/redmine/issues/78 (2018-08-07T12:28:00Z, The 2nd)
<ul>
<li>The master node owns the virtual cluster IP</li>
<li>All nodes should send/receive heartbeat messages to detect if a node goes down</li>
<li>The master node failover should happen automatically
<ul>
<li>How to detect which cluster part has quorum?</li>
</ul>
</li>
<li>A manual master node failover should be possible (e.g. for maintenance)</li>
</ul>
Bug #77 (New): Improve multiprocessing shared object usage in OTPme backend.
https://www.otpme.org/redmine/issues/77 (2017-02-05T13:23:29Z, The 2nd)
<ul>
<li>Currently we use more shared objects (list(), dict() etc.) than we should because of a bug in the Python multiprocessing module
<ul>
<li><a class="external" href="https://bugs.python.org/issue6766">https://bugs.python.org/issue6766</a></li>
</ul>
</li>
<li>As soon as we can use a shared DOD (dict of dicts) we can reduce the number of shared objects used in the backend (e.g. merge the sync list checksum cache with the global checksum cache)
<ul>
<li><a class="external" href="https://bugs.python.org/msg98548">https://bugs.python.org/msg98548</a></li>
</ul>
</li>
</ul>
Feature #76 (New): Implement REST API
https://www.otpme.org/redmine/issues/76 (2017-02-05T11:01:05Z, The 2nd)
<ul>
<li>OTPme should support authentication via REST API</li>
<li>At a later stage this could also be used for communication with our web interface</li>
</ul>
Feature #75 (In Progress): Add search index
https://www.otpme.org/redmine/issues/75 (2017-01-21T00:52:41Z, The 2nd)
<ul>
<li>We need a fast index to search objects by attribute and ACL</li>
<li>Use sqlalchemy to be independent of RDBMS</li>
</ul>
Feature #74 (In Progress): Implement signature tags
https://www.otpme.org/redmine/issues/74 (2016-12-27T22:26:05Z, The 2nd)
<ul>
<li>we should support signatures with different tags (e.g. dev-server)</li>
<li>when specifying valid signers (e.g. AUTH_SCRIPT_SIGNERS) it should be possible to specify sign tags</li>
</ul>
Feature #73 (New): Extend the current integrated CA to a full blown CA
https://www.otpme.org/redmine/issues/73 (2016-05-07T18:10:52Z, The 2nd)
<ul>
<li>we should support initializing the realm with an external certificate
<ul>
<li>support for generating a CSR should be implemented within the OTPme commands</li>
</ul>
</li>
<li>we should add some kind of templates (e.g. ClientCert, ServerCert etc.) to make certificate creation easier</li>
<li>CSR handling needs to be implemented</li>
<li>add certificate deployment and renewal within the realm as optional feature</li>
</ul>
Feature #72 (In Progress): Allow LDAP authentication to different accessgroups
https://www.otpme.org/redmine/issues/72 (2016-04-15T21:42:34Z, The 2nd)
<p>The current implementation allows specifying the OTPme client name as DC, e.g. dc=otrs,dc=domain,dc=intern where "otrs" is the client name. This way we can differentiate between different accessgroups with all their features.</p>
Feature #71 (In Progress): Add policy to restrict login times
https://www.otpme.org/redmine/issues/71 (2016-04-10T20:12:22Z, The 2nd)
<ul>
<li>We may use the crontab syntax to define valid login times</li>
<li>It should be possible to add this policy type to users, tokens, roles, groups etc.</li>
</ul>
Feature #70 (In Progress): Implement argon2 support for AES key derivation
https://www.otpme.org/redmine/issues/70 (2015-12-31T19:08:34Z, The 2nd)
<ul>
<li><a class="external" href="https://password-hashing.net/">https://password-hashing.net/</a></li>
<li><a class="external" href="https://pypi.python.org/pypi/argon2">https://pypi.python.org/pypi/argon2</a></li>
</ul>
Feature #69 (In Progress): Add support for user/group resolving via libnss
https://www.otpme.org/redmine/issues/69 (2015-12-30T02:02:45Z, The 2nd)
<ul>
<li>To make OTPme users/groups available as linux system users we should support libnss</li>
<li>Current implementation uses libnss-cache (<a class="external" href="https://github.com/google/nsscache">https://github.com/google/nsscache</a>) which is easy to use from within python</li>
</ul>
Feature #68 (In Progress): Add optional support for signing authentication replies
https://www.otpme.org/redmine/issues/68 (2015-12-24T11:19:23Z, The 2nd)
<ul>
<li>The client should send a challenge to the OTPme server that will be signed with its public key
<ul>
<li>This reduces the code where authentication related bugs may lead to false positives</li>
</ul>
</li>
<li>Using JWT for this feature will allow us to re-use it for web authentication in later versions (<a class="external" href="https://en.wikipedia.org/wiki/JSON_Web_Token">https://en.wikipedia.org/wiki/JSON_Web_Token</a>)</li>
</ul>
Feature #67 (In Progress): Implement deployment of SSH public keys
https://www.otpme.org/redmine/issues/67 (2015-12-18T21:20:06Z, The 2nd)
<ul>
<li>OTPme hostd/noded should deploy SSH public keys of tokens assigned to their host</li>
<li>We may use openssh's AuthorizedKeysCommand for this</li>
</ul>
Feature #66 (In Progress): Allow usage of U2F token as second factor token with "password" tokens
https://www.otpme.org/redmine/issues/66 (2015-12-17T18:59:15Z, The 2nd)
<ul>
<li>The first factor should be a static password that can be used to encrypt offline token and session</li>
<li>The second factor would be the U2F token</li>
</ul>
Feature #65 (In Progress): implement revoking of script signatures
https://www.otpme.org/redmine/issues/65 (2015-12-13T13:33:30Z, The 2nd)
<ul>
<li>It should be possible to revoke a script signature to invalidate a script</li>
</ul>