1.15. Tools
LinOTP comes with some tools to ease system maintenance.
1.15.1. linotp
Commands:
  admin         Administrative commands to manage the linotp application...
  audit         Manage audit options
  backup        Manage database-specific backups
  config        Show LinOTP configuration
  dbsnapshot    Manage system-independent database 'snapshots'
  init          Manage initialization of LinOTP
  ldap-test     Test LDAP user-ID resolver connection.
  local-admins  Manage local administrator accounts
  routes        Show the routes for the app.
  run           Runs a development server.
  shell         Runs a shell in the app context.
  support       Administrative commands to set and query the linotp support.
Use the tool's built-in help (--help) to get details about the syntax.
linotp local-admins
The local-admins command manages the administrators for /manage, which are created in the internal UserIdResolver LinOTP_local_admins. Alternatively, they can be created and edited in the GUI of SVA (:8443).
linotp local-admins --help
linotp local-admins list --help
#output:
List local administrator accounts
Options:
  -f, --format TEXT  Output format template
  -l, --long         Detailed output
  --help             Show this message and exit.
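Example: create a new local admin for /manage and set its password. The value geheim123 is a sample; a password passed on the command line may be recorded in the shell history.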
linotp local-admins add localadmin
linotp local-admins password --password geheim123 localadmin
linotp audit
This command deletes old entries in the SQL audit log table. It takes a high and a low watermark. If the number of entries exceeds the high watermark, old entries are deleted so that only the <low watermark> newest entries remain.
By default, this tool is run by cron once a day (/etc/cron.daily).
You can specify the watermarks on the command line (--high, --low) or as entries in linotp.ini (linotpAudit.sql.highwatermark, linotpAudit.sql.lowwatermark). The default is high=10000 and low=5000.
linotp audit --help
Example:
linotp audit cleanup
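The high/low watermark behaviour described above, as an added example that is not LinOTP's own code: it runs against an in-memory SQLite database, and the table name audit, its columns and the function names are assumptions made for illustration.

```python
import sqlite3


def cleanup_audit(conn, high=10000, low=5000):
    """Trim the audit table to the `low` newest rows once it exceeds `high`.

    Returns the number of deleted rows. Table and column names are
    hypothetical, not LinOTP's schema.
    """
    if not 0 <= low <= high:
        raise ValueError("watermarks must satisfy 0 <= low <= high")
    (total,) = conn.execute("SELECT COUNT(*) FROM audit").fetchone()
    if total <= high:  # "exceeds" is strict: exactly `high` rows are kept
        return 0
    # ids increase monotonically, so the newest rows have the largest ids.
    cur = conn.execute(
        "DELETE FROM audit WHERE id NOT IN "
        "(SELECT id FROM audit ORDER BY id DESC LIMIT ?)",
        (low,),
    )
    conn.commit()
    return cur.rowcount


def make_sample_db(n):
    """Constructed sample data: n audit rows in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, action TEXT)")
    conn.executemany(
        "INSERT INTO audit (action) VALUES (?)",
        [(f"event-{i}",) for i in range(1, n + 1)],
    )
    conn.commit()
    return conn


def remaining_ids(conn):
    """Return the ids still present, oldest first."""
    return [row[0] for row in conn.execute("SELECT id FROM audit ORDER BY id")]


if __name__ == "__main__":
    db = make_sample_db(12)
    deleted = cleanup_audit(db, high=10, low=5)
    print(f"deleted {deleted} rows, kept ids {remaining_ids(db)}")
```

Because nothing is deleted until the high watermark is exceeded, the number of retained audit entries moves between the low and the high value, so both should be sized against the audit retention you need.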
1.15.2. linotp-tokens-used
This is in fact a munin [1] plugin that monitors the total number of managed tokens, the number of unassigned tokens and the number of inactive tokens.
The output can also be written to any other file.
The output can be used to set up a dynamic pay per use licensing model.
1.15.3. linotp-backup
This shell script backs up the database and the encryption key to a PGP-encrypted backup file.
1.15.4. linotp-restore
This shell script restores a previously backed up database and encryption key.
1.15.5. linotp-convert-token
This script converts a Safeword dat seed file to an Aladdin/SafeNet XML file.
1.15.6. linotp-convert-xml-to-csv
This script converts an Aladdin XML file to an OATH CSV file.
1.15.7. linotp-decrypt-otpkey
This script can be used for debugging purposes. It helps to decrypt an OTP seed from the token database.
1.15.8. LinotpLDAPProxy.pm
This is a Perl module for use with an OpenLDAP server to set up an LDAP proxy that performs LDAP binds (authentication) with OTP values.