OATH Toolkit 2.6.4

oath-toolkit-help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OATH Toolkit 2.6.4

From:	Simon Josefsson
Subject:	OATH Toolkit 2.6.4
Date:	Wed, 11 Nov 2020 21:13:31 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hi!  This release contains a bunch of smaller fixes.

** libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine.
Fixes <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16>.
Use it like --with-xmlsec-crypto-engine=gnutls or
--with-xmlsec-crypto-engine=openssl if the default dynamic loading
fails because of runtime linker search path issues.

** oathtool --totp --verbose now prints TOTP hash mode.
Fixes <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4>.

** oathtool: Hash names (e.g., SHA256) for --totp are now upper case.
Fixes <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3>.
Lower/mixed case hash names are supported for compatibility.

** pam_oath: Fail gracefully for missing users.
Fixes <https://savannah.nongnu.org/support/index.php?109111>.
This allows you to incrementally add support for OATH authentication
instead of forcing it on all users.  See updated pam_oath/README on
the '[user_unknown=ignore success=ok]' parameter that can now be
supplied to PAM configuration.  Patch by Antoine Beaupré
<anarcat@debian.org>.

** Fix libpskc memory corruption bug.
Fixes <https://savannah.nongnu.org/support/?108736>.  Thanks to David
Woodhouse and Jaroslav Škarvada for report, self check and patch.

** Fix man pages.
Fixes <https://savannah.nongnu.org/support/?108312>.  Thanks to
Jaroslav Škarvada for the patch.

** Build fixes.

Happy hacking,
Simon

The OATH Toolkit makes it easy to build one-time password authentication
systems.  It contains shared libraries, command line tools and a PAM
module.  Supported technologies include the event-based HOTP algorithm
(RFC4226) and the time-based TOTP algorithm (RFC6238).  OATH stands for
Open AuTHentication, which is the organization that specify the
algorithms.  For managing secret key files, the Portable Symmetric Key
Container (PSKC) format described in RFC6030 is supported.

The components included in the package is:

  * liboath: A shared and static C library for OATH handling.

  * oathtool: A command line tool for generating and validating OTPs.

  * pam_oath: A PAM module for pluggable login authentication for OATH.

  * libpskc: A shared and static C library for PSKC handling.

  * pskctool: A command line tool for manipulating PSKC data.

The project's web page is available at:
  https://www.nongnu.org/oath-toolkit/

Documentation for the command line tools oathtool and pskctool:
  https://www.nongnu.org/oath-toolkit/oathtool.1.html
  https://www.nongnu.org/oath-toolkit/pskctool.1.html
  https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-pskctool.html

Manual for PAM module:
  https://www.nongnu.org/oath-toolkit/pam_oath.html

Liboath Manual:
  https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.html

Libpskc Manual
  https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html

If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:
  https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help

Here are the compressed sources of the entire package:
  
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.4.tar.gz
  
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.4.tar.gz.sig

The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:

pub   ed25519 2019-03-20 [SC] [expires: 2021-01-24]
      B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
uid           [ultimate] Simon Josefsson <simon@josefsson.org>

The key is available from:
  https://josefsson.org/key-20190320.txt

I have changed key since older releases, see my transition statement:
  https://blog.josefsson.org/2019/03/21/openpgp-2019-key-transition-statement/
  https://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/

Here are the SHA-1 and SHA-224 checksums:

bb3784c8e32cd3be2b2b95d1ed53607fbbe23200  oath-toolkit-2.6.4.tar.gz
316f359eb8616b23a48593f281d5b1d88874d307dd513b61c7eceda1  
oath-toolkit-2.6.4.tar.gz

General information on contributing:
  https://www.nongnu.org/oath-toolkit/contrib.html

OATH Toolkit GitLab project page:
  https://gitlab.com/oath-toolkit/oath-toolkit

OATH Toolkit Savannah project page:
  https://savannah.nongnu.org/projects/oath-toolkit/

Code coverage charts:
  https://oath-toolkit.gitlab.io/oath-toolkit/coverage/

Clang code analysis:
  https://oath-toolkit.gitlab.io/oath-toolkit/clang-analyzer/

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

OATH Toolkit 2.6.4, Simon Josefsson <=

Prev by Date: oath-toolkit_2.6.3-1_source.changes ACCEPTED into unstable
Next by Date: Processing of oath-toolkit_2.6.4-1_source.changes
Previous by thread: oath-toolkit_2.6.3-1_source.changes ACCEPTED into unstable
Next by thread: Processing of oath-toolkit_2.6.4-1_source.changes
Index(es):
- Date
- Thread