summaryrefslogtreecommitdiffstats
path: root/raddb/mods-available/totp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
commit50b37d4a27d3295a29afca2286f1a5a086142cec (patch)
tree9212f763934ee090ef72d823f559f52ce387f268 /raddb/mods-available/totp
parentInitial commit. (diff)
downloadfreeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.tar.xz
freeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.zip
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'raddb/mods-available/totp')
-rw-r--r--raddb/mods-available/totp40
1 files changed, 40 insertions, 0 deletions
diff --git a/raddb/mods-available/totp b/raddb/mods-available/totp
new file mode 100644
index 0000000..695365f
--- /dev/null
+++ b/raddb/mods-available/totp
@@ -0,0 +1,40 @@
+# -*- text -*-
+#
+# $Id$
+
+#
+# Time-based One-Time Passwords (TOTP)
+#
+# Defined in RFC 6238, and used in Google Authenticator.
+#
+# This module can only be used in the "authenticate" section.
+#
+# The Base32-encoded secret should be placed into:
+#
+# &control:TOTP-Secret
+#
+# The TOTP password entered by the user should be placed into:
+#
+# &request:TOTP-Password
+#
+# The module will return "ok" if the passwords match, and "fail"
+# if the passwords do not match.
+#
+# Note that this module will NOT interact with Google. The module is
+# intended to be used where the local administrator knows the TOTP
+# secret key, and user has an authenticator app on their phone.
+#
+# Note also that while you can use the Google "chart" APIs to
+# generate a QR code, doing this will give the secret to Google!
+#
+# Administrators should instead install a tool such as "qrcode"
+#
+# https://linux.die.net/man/1/qrencode
+#
+# and then run that locally to get an image.
+#
+#
+# The module takes no configuration items.
+#
+totp {
+}