GitHub - joehil/mod_authn_linotp: Apache module for OTP authentication with LinOTP

joehil / mod_authn_linotp Public

forked from LinOTP/mod_authn_linotp

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Apache module for OTP authentication with LinOTP

Apache-2.0, Unknown licenses found

Licenses found

1 star 7 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
.gitreview		.gitreview
AUTHORS		AUTHORS
COPYING		COPYING
ChangeLog		ChangeLog
INSTALL		INSTALL
LICENSE		LICENSE
Makefile.am		Makefile.am
NEWS		NEWS
README		README
authn_linotp.load		authn_linotp.load
configure.ac		configure.ac
mod_authn_linotp.c		mod_authn_linotp.c

Repository files navigation

mod_authn_linotp - Apache module for authenticating with LinOTP
===============================================================

This apache module can be used to authenticate users against
LinOTP (http://linotp.org)

This auth module only works with basic authentication.
It uses a cookie to cache the authenticated user.
The authentication of the first request is done against the LinOTP server.
The consecutive requests are handled by the cookie.

Configuration parameters:
-------------------------

The module can only be configured in a directory context.



	LinOTPValidateURL
		mandatory
		Context:	Dir
		Format: 	https://server/validate/simplecheck
		Default:	-

	LinOTPRealm
		optional
		Context:	Dir
		The realm name, the user will be authenticated in.
		Format:		<string>
		Default:	-

	LinOTPResolver
		optional
		Context:	Dir
		The useridresolver, the user will be authenticated in.
		Format:		<string>
		 Default:	-

	LinOTPCookieSecret
		mandatory
		Context:	Dir
		A secret that is used to encrypt the cookie.
		Format:		<string>
		Default:	-

	LinOTPCookieName
		optional
		Context:	Dir
		The name of the cookie	
		Format:		<string>
		Default:	linotp_auth_module

	LinOTPSSLCertVerify
		optional
		Context:	Dir
		Whether the certificate of the LinOTP server should be verified
		Format:		On or Off
		Default:	Off

	LinOTPSSLHostVerify
		optional
		Context:	Dir
		Whether the hostname in the certificate of the LinOTP server should be verified
		Format:		On or Off
		Default:	Off

	LinOTPSSLVersion
		optional
		Context:	Dir
		SSL Version to be used when communicating with Linotp
		Format:		2 or 3
		Default:	2

	LinOTPLogUser
		optional
		Context:	Dir
		Whether the username should appear in the log file
		Format:		On or Off
		Default:	On

	LinOTPLogPassword
		optional
		Context:	Dir
		Whether the password should appear in the log file
		Format:		On or Off
		Default:	Off
		
	LinOTPTimeout
		optional
		Context:	Dir
		maximum time (in seconds) for which a one-time password is valid
		Format:		a number
		Default:	600

Example:
========

        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                AuthType basic
                AuthName "LinOTP protected"
                AuthBasicProvider LinOTP
                Require valid-user
                LinOTPSSLCertVerify Off
                LinOTPSSLHostVerify Off
                LinOTPSSLVersion 3
                LinOTPLogUser On
                LinOTPLogPassword On
                LinOTPCookieName myCookieName
                LinOTPValidateUrl https://localhost/validate/simplecheck
                LinOTPCookieSecret 098as0d9uasldj0a7sda
                LinOTPRealm Realm1
        </Directory>