Diffstat (limited to '')
-rw-r--r-- | raddb/mods-available/totp | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/raddb/mods-available/totp b/raddb/mods-available/totp
index 695365f..a68a317 100644
--- a/raddb/mods-available/totp
+++ b/raddb/mods-available/totp
@@ -13,6 +13,12 @@
 #
 # &control:TOTP-Secret
 #
+# Any "bare" key should be placed into:
+#
+# &control:TOTP-Key
+#
+# If TOTP-Key exists, then it will be used instead of TOTP-Secret.
+#
 # The TOTP password entered by the user should be placed into:
 #
 # &request:TOTP-Password
@@ -32,9 +38,44 @@
 # https://linux.die.net/man/1/qrencode
 #
 # and then run that locally to get an image.
-#
 #
-# The module takes no configuration items.
+#
+# Some tokens get severely out of sync with local time. It is
+# possible to offset the definition of "now" for one token by setting:
+#
+# &control:TOTP-Time-Offset := 120
+#
+# This is a signed integer, with allowed values between -600 to +600.
+# The offset is added to to the current time, to get the tokens idea
+# of "now".
 #
 totp {
+ #
+ # Default time step between time changes
+ #
+ time_step = 30
+
+ #
+ # Length of the one-time password.
+ #
+ # Must be 6 or 8
+ #
+ otp_length = 6
+
+ #
+ # How many steps backward in time we look for a matching OTP
+ #
+ lookback_steps = 1
+
+ #
+ # How many steps forward in time we look for a matching OTP
+ #
+ lookforward_steps = 0
+
+ #
+ # Time delta between steps.
+ #
+ # Cannot be larger than time_step
+ #
+ lookback_interval = 30
 }
|
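Review bot: The new TOTP-Key comment in the first hunk never says what a "bare" key is, so an operator cannot tell which of the two attributes a stored secret belongs in. The comment should state the encoding each attribute expects, for example `# TOTP-Key holds the raw key octets; TOTP-Secret holds the text-encoded form.`, assuming that is the distinction the module makes (worth confirming against the module source). Since the hunk says TOTP-Key is used instead of TOTP-Secret whenever it exists, it is also worth a line noting that a stale TOTP-Key left in &control will silently override a rotated TOTP-Secret.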
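Review bot: The comments on `lookback_steps` and `lookforward_steps` in the second hunk do not mention that every extra step adds another code that is valid at the same instant, which matters most at the default `otp_length = 6`. I would add a line above both settings such as `# Each additional step widens the acceptance window and makes guessing easier; keep it small and rate-limit failed attempts.` The same applies to TOTP-Time-Offset: the ±600 range is documented, but not that the offset combines with the look-back/look-forward window, nor whether an already accepted code is refused if replayed inside that window. `lookback_interval` is described only as "Time delta between steps", which does not explain how it differs from `time_step` or what a smaller value does. The header text also has two typos, "added to to" and "the tokens idea".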