[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OATH-Toolkit-help] OATH Toolkit 1.10.0

From: Simon Josefsson
Subject: [OATH-Toolkit-help] OATH Toolkit 1.10.0
Date: Tue, 24 May 2011 22:49:46 +0200
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.2 (gnu/linux)

Finally there is TOTP support in the PAM module...  I have added self
tests but not done any extensive testing.  Please pick it apart!

Happy hacking,

* Version 1.10.0 (released 2011-05-24)

** liboath: Added new TOTP validation functions that return search position.
Before the absolute value of the search position was in the return
code of the TOTP validate function, but it seems we need to know
whether the search position was before or after the current time.  The
new functions are oath_totp_validate2 and oath_totp_validate2_callback
and behave the same asoath_totp_validate and
oath_totp_validate_callback, respectively, but they take another
optional 'int*' parameter to store the search position.

** liboath: Usersfile can now validate TOTP as well.
Supported algorithms are HOTP/T30/D and HOTP/T60/D where D is 6, 7, or
8 digits.  This means that the PAM module now supports TOTP as well.

The OATH Toolkit makes it easy to build one-time password
authentication systems.  It contains a shared library, a command line
tool and a PAM module.  Supported technologies include the event-based
HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238).
OATH stands for Open AuTHentication, which is the organization that
specify the algorithms.

The components included in the package is:

  * liboath: A shared and static C library for OATH handling.

  * oathtool: A command line tool for generating and validating OTPs.

  * pam_oath: A PAM module for pluggable login authentication for OATH.

The project's web page is available at:

Man page for oathtool:

Manual for PAM module:

Liboath GTK-DOC API Reference manual:

If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:

Here are the compressed sources of the entire package:

The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2012-01-24]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <address@hidden>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2012-01-24]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

b3da003d2e4c8e4ae7d5c8ad6f000b2452f185c8  oath-toolkit-1.10.0.tar.gz


Savannah developer's home page:

Code coverage charts:

Clang code analysis:

Attachment: pgpdWggPgrqBY.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]