pam_sotp

News

• 2005-09-14 pam_sotp tested on this non-x86 architectures: mips, alpha
• 2004-11-16 pam_sotp 0.3.2 released
• 2004-11-16 pam_sotp 0.3.2 released
• 2004-11-16 IMPORTANT pam_sotp 0.3.1 and 0.3.0 have an important bug (not security related) Read about it here
• 2004-11-15 pam_sotp 0.3.1 released
• 2004-11-10 The documentation included with 0.3.0 has some wrong sections. Repackaged

Introduction

pam_sotp is a module for PAM that provides support for One Time Passwords (OTP) authentication. The "s" in "sotp" stands for "simple"; pam_sotp aims to be a simple, easy to configure, module.

Current state of development

pam_sotp is still under early stages of development. Although it seems to work pretty well be warned that this software could contain severe bugs that may put at risk the security of your system. Until a stable release is reached you are advised to not use pam_sotp on mission-critical systems or production servers.

Having said that, it seems that the software is reaching an stable stage. I've received several reports about pam_sotp being used without problems in several configurations.

This project is way too small to have a serious roadmap, but anyways I guess that some of you would like to know what are my short/medium term plans for pam_sotp, so here they are:

• Release pam_sotp 0.4.0, with some patches I received and other improvements I have in mind
• Maintain the 0.4.x branch until it becomes stable
• Release a couple of 1.0 release candidates and then finally pam_sotp 1.0
• Maintain the 1.0 branch

Want to help?

Although the authentication databases in pam_sotp are supposed to be architecture and endianness independent, I would like to confirm that. If you are running a non-x86 Linux system with pam_sotp installed, you can help me. Download:

• Authentication database
• OTP list

and check that the auth database still works on your system. Note that the first password has already been used, so pam_sotp should ask for the second one. Check if everything works as it should. Send me back the results of your tests, along with the architecture you are running, to sotp (AT) cavecanen.org

Download

• Version 0.3.3: Fixes some minor bugs.
  • pam_sotp-0.3.3.tar.gz
  • pam_sotp-0.3.3.tar.bz2
  • Online documentation
  • ChangeLog
• Version 0.3.2: Fixes an important bug in previous 0.3.x releases
  • pam_sotp-0.3.2.tar.gz
  • pam_sotp-0.3.2.tar.bz2
  • Online documentation
  • ChangeLog
• Version 0.3.1: Fixes some bugs in 0.3.0.
  • pam_sotp-0.3.1.tar.gz
  • pam_sotp-0.3.1.tar.bz2
  • Online documentation
  • ChangeLog
• Version 0.3.0: Beware: this is an experimental release.
  • pam_sotp-0.3.0.tar.gz
  • pam_sotp-0.3.0.tar.bz2
  • Online documentation
  • ChangeLog
• Version 0.2.0:
  • pam_sotp-0.2.0.tar.gz
  • pam_sotp-0.2.0.tar.bz2
  • Online documentation
  • ChangeLog
• Version 0.1:
  • pam_sotp-0.1.tar.gz
  • pam_sotp-0.1.tar.bz2
  • Online documentation

Questions? Problems? Patches?

Patches, suggestions and contributions to pam_sotp should be mailed to sotp (AT) cavecanen (DOT) org. Additionally you can contact me through other means