[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OATH Toolkit 2.6.7

From: Simon Josefsson
Subject: OATH Toolkit 2.6.7
Date: Sat, 01 May 2021 21:44:56 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hi!  This is a minor release introducing the pam_oath usersfile strings,
thanks to Jason for contributing this.  Please test that I didn't break
the functionality for the release, alas the PAM module does not have a
good self-test coverage.  See below NEWS entries:

** pam_oath: Support variables in usersfile string parameter.
These changes introduce the ${USER} and ${HOME} placeholder values for
the usersfile string in the pam_oath configuration file. The
placeholder values allow the user credentials file to be stored in a
file path that is relative to the user, and mimics similar behavior
found in google-authenticator-libpam.

The motivation for these changes is to allow for non-privileged
processes to use pam_oath (e.g., for 2FA with
xscreensaver). Non-privileged and non-suid programs are unable to use
pam_oath. These changes are a proposed alternative to a suid helper
binary as well.

Thanks to Jason Graham <jgraham@compukix.net> for the patch.  See

** doc: Fix project URL in man pages.
Thanks to Jason Graham <jgraham@compukix.net> for the patch.  Fixes

** build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config.

** build: Modernize autotools usage.
Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE to make
rebuilding from source more safe with future automake versions.

** Updated gnulib files.

Happy hacking,

OATH Toolkit provide components to build one-time password
authentication systems.  It contains shared C libraries, command line
tools and a PAM module.  Supported technologies include the
event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
(RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
manage secret key data.  OATH stands for Open AuTHentication, which is
the organization that specify the algorithms.

The components included in the package is:

  * liboath: A shared and static C library for OATH handling.

  * oathtool: A command line tool for generating and validating OTPs.

  * pam_oath: A PAM module for pluggable login authentication for OATH.

  * libpskc: A shared and static C library for PSKC handling.

  * pskctool: A command line tool for manipulating PSKC data.

The project's web page is available at:

Documentation for the command line tools oathtool and pskctool:

Tutorial on PSKC:

Manual for PAM module:

Liboath Manual:

Libpskc Manual

If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:

Here are the compressed sources of the entire package:

The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:

pub   ed25519 2019-03-20 [SC]
      B1D2 BD13 75BE CB78 4CF4  F8C4 D73C F638 C53C 06BE
uid           [ultimate] Simon Josefsson <simon@josefsson.org>

The key is available from:

I have changed key since older releases, see my transition statements:

Here are the SHA-1 and SHA-224 checksums:

43daea1daab55ff3d5282fdcaec5f23764ff8fb4  oath-toolkit-2.6.7.tar.gz

General information on contributing:

OATH Toolkit GitLab project page:

OATH Toolkit Savannah project page:

Code coverage charts:

Clang code analysis:

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]