author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-26 10:41:52 +0000 |
commit | 44eafeee62e6982131c62df6f74335114ca53024 (patch) | |
tree | 1cdf833b0a76e52630d717202398ced5900e11e9 /raddb/mods-available/totp | |
parent | Adding upstream version 3.2.3+dfsg. (diff) | |
Adding upstream version 3.2.5+dfsg. (refs: upstream/3.2.5+dfsg, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'raddb/mods-available/totp')
-rw-r--r-- | raddb/mods-available/totp | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/raddb/mods-available/totp b/raddb/mods-available/totp index 695365f..a68a317 100644 --- a/raddb/mods-available/totp +++ b/raddb/mods-available/totp @@ -13,6 +13,12 @@ # # &control:TOTP-Secret # +# Any "bare" key should be placed into: +# +# &control:TOTP-Key +# +# If TOTP-Key exists, then it will be used instead of TOTP-Secret. +# # The TOTP password entered by the user should be placed into: # # &request:TOTP-Password @@ -32,9 +38,44 @@ # https://linux.die.net/man/1/qrencode # # and then run that locally to get an image. -# # -# The module takes no configuration items. +# +# Some tokens get severely out of sync with local time. It is +# possible to offset the definition of "now" for one token by setting: +# +# &control:TOTP-Time-Offset := 120 +# +# This is a signed integer, with allowed values between -600 to +600. +# The offset is added to to the current time, to get the tokens idea +# of "now". # totp { + # + # Default time step between time changes + # + time_step = 30 + + # + # Length of the one-time password. + # + # Must be 6 or 8 + # + otp_length = 6 + + # + # How many steps backward in time we look for a matching OTP + # + lookback_steps = 1 + + # + # How many steps forward in time we look for a matching OTP + # + lookforward_steps = 0 + + # + # Time delta between steps. + # + # Cannot be larger than time_step + # + lookback_interval = 30 } |
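Review bot: In the first hunk, the added TOTP-Key comment puts "bare" in quotes but never defines it, so a reader cannot tell from this block which key formats belong in &control:TOTP-Key and which in &control:TOTP-Secret. Suggest stating the expected encoding of each attribute here. The precedence line ("If TOTP-Key exists, then it will be used instead of TOTP-Secret") also means a TOTP-Secret set alongside it is silently ignored. It would help to say whether setting both is reported in any way, since a stale TOTP-Key left in a user's control list would override a rotated TOTP-Secret.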
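Review bot: In the second hunk, the TOTP-Time-Offset comment and the new time_step and lookback_interval items state no units; "&control:TOTP-Time-Offset := 120", "allowed values between -600 to +600" and "time_step = 30" should name the unit explicitly. The same comment has a doubled word ("added to to the current time"), "between -600 to +600" should read "between -600 and +600", and "tokens idea" is missing an apostrophe. In the totp { } block, lookback_interval is described only as "Time delta between steps" with "Cannot be larger than time_step"; the comment should explain how it interacts with lookback_steps and whether it also applies to lookforward_steps. Since lookback_steps and lookforward_steps, combined with a per-token offset, widen the set of one-time passwords accepted at any given moment, a sentence on that trade-off next to the defaults would help operators who raise them.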