Multi Factor Authentication with LinOTP

Preface

By using LinOTP you decided to use a flexible, modern authentication system.

Congratulations on your choice!

LinOTP is a solution for authenticating with one time passwords. The runtime components of netgo LinOTP are available as source code, which gives you the possibility, to make your own adaption or to conduct code reviews on the software. LinOTP is originally based on GNU/Linux but as it is written in Python, it might also run on other operating systems.

netgo LinOTP is lean and very gentle on resources. It is scalable from small installations up to world-spanning, redundant enterprise installations.

This manual is divided into 5 main parts.

1. The LinOTP Management Guide describes the management of users, realms and tokens.

2. The LinOTP Installation Guide explains how to install LinOTP on different operating systems.

3. The LinOTP Selfservice Portal shows the administrator how users are allowed to manage their own tokens.

4. The LinOTP Appliance Manual deals with the LinOTP Appliance. No matter if you are using the hardware appliance or the virtual appliance, here you can find how to set up and configure the appliance.

5. If you plan to adapt or extend LinOTP you can develop your own modules. How to do this is described in LinOTP Development Guide.

Getting Support

netgo GmbH provides Enterprise Support for LinOTP.

Refer to https://www.linotp.de for the available support options.

The LinOTP logo and the LinOTP Manuals and documentation, “LinOTP Management Guide”, “LinOTP Installation Guide”, “LinOTP User Guide”, “LinOTP Appliance Manual”, “LinOTP Module Development Guide” and “API documentation” are intellectual property and under the copyright of netgo GmbH and can not be used without permission.

• 1. LinOTP Management Guide
  • 1.1. Introduction
    • 1.1.1. System Overview
    • 1.1.2. Components
    • 1.1.3. LinOTP core
    • 1.1.4. OTP Calculation
    • 1.1.5. UserIdResolver
    • 1.1.6. Authentication Modules
    • 1.1.7. Management Clients
    • 1.1.8. Features of different management clients
    • 1.1.9. Licenses
      • LinOTP Server
      • LinOTP Administration Clients (adminclients)
      • LinOTP Management GUI
      • LinOTP Authentication Connectors (authmodules)
      • LinOTP User Connectors (UserIdResolver)
      • LinOTP SMS Connectors
  • 1.2. Quick Start Guide Token Management
    • 1.2.1. What this guide is about
    • 1.2.2. Getting started - the Web UI
    • 1.2.3. UserIdResolvers
      • Create UserIdResolver
    • 1.2.4. Create Realm
    • 1.2.5. Create Token
    • 1.2.6. Assign Token to User
    • 1.2.7. Test authentication procedure
  • 1.3. Configure Resolvers and Realms - The Details
    • 1.3.1. UserIdResolvers and Realms - The Concepts
      • Authenticating with Realms and UserIdResolvers
    • 1.3.2. Configuring UserIdResolvers
      • Configuring LDAP UserIdResolver
      • Configuring SQL UserIdResolver
      • Configuring Passwd (Flatfile) UserIdResolver
        • Using /etc/passwd
        • Using a separate file
    • 1.3.3. InternalSQLResolver
      • Create InternalSQLResolver
      • Change InternalSQLResolver
    • 1.3.4. Configuring Realms
  • 1.4. Supported tokens
    • 1.4.1. Tokens
      • Hardware Tokens
      • Soft Tokens
      • Tokens for login and transaction security (challenge response)
        • LinOTP QR Token
        • LinOTP Push Token
      • Challenge Response Tokens
      • Special Tokens
    • 1.4.2. Recommended Mobile Apps
      • Recommended HOTP Apps
        • Apps for the iPhone
        • Apps for Android
      • Recommended mOTP Apps
        • Apps for iPhone
        • Apps for Android
        • Apps for Windows Phone
  • 1.5. Managing Tokens
    • 1.5.1. Tokentype Configuration
      • Global - Default Settings
      • E-Mail Token - Default Settings
      • OCRA2 Token - Default Settings
      • QRToken - Default Settings
      • RADIUS Token - Default Settings
      • Remote Token - Default Settings
      • SMS Token - Default Settings
      • TOTP Token - Default Settings
      • Yubico Token - Default Settings
    • 1.5.2. Import tokens
      • Importing tokens with the Web UI
        • Importing PSKC files
        • Importing OATH CSV files
        • Importing Tagespasswort files
    • 1.5.3. Viewing users in certain realms
      • Viewing users in the Web UI
    • 1.5.4. Viewing tokens in the WebUI
    • 1.5.5. Assign tokens
      • Multiple tokens for a user
      • Assign tokens using the Web UI
    • 1.5.6. Set OTP PIN
    • 1.5.7. Enrolling tokens
      • Enroll eToken NG-OTP
      • Enroll mOTP Token
      • Enroll HOTP, TOTP and OCRA2 Tokens
      • Enroll LinOTP Static Password Token
      • Enroll SMS OTP / Mobile TAN
      • Enroll Remote Token
      • Enroll Forwarding Token
      • Enroll RADIUS Token
      • Enroll LinOTP QR Token
      • Enroll LinOTP Push Token
      • Enroll OCRA2 Token
      • Enroll YubiKeys
        • Enrolling OATH/HOTP mode
        • Enrolling Yubico mode
        • Enrolling static mode
        • Enrolling Cloud mode
        • Enrolling Challenge Response mode
      • Enroll E-Mail Token
    • 1.5.8. Manage tokens
      • Unassign
      • Remove
      • Disable
      • Reset fail counter
      • Set Expiration
      • Resync token
    • 1.5.9. FIDO U2F
      • Overview
      • Example for U2F with LinOTP
        • Set up required policy
        • U2F token enrollment
        • Authentication with the assigned token
    • 1.5.10. Set token realm
    • 1.5.11. Token info
    • 1.5.12. Lost token
    • 1.5.13. Get serial by OTP
    • 1.5.14. Get OTP
    • 1.5.15. Users with no token
    • 1.5.16. UserIdResolver migration
  • 1.6. Policies
    • 1.6.1. Introduction
    • 1.6.2. Admin Policies
    • 1.6.3. Audit Policies
    • 1.6.4. Authentication Policies
      • OTP PIN variants
      • Authentication Passthrough
      • Pass on no Token
      • Challenge Response
      • Forward Request to Remote Server
      • Forward Request to Remote Server for User without Token only
      • Setup LinOTP QR Token
        • Call back Pairing URL for Activation of LinOTP QR Tokens
        • Call back Challenge URL for Authentication with LinOTP QR Tokens
        • Support for Offline QR Tokens
      • LinOTP Push Token Policies
        • Call back Pairing URL for Activation of LinOTP PushTokens
        • Call back Challenge URL for Authentication with LinOTP PushTokens
      • URL for OCRA2 Tokens
      • Choose SMS Provider
      • SMS Provider Failover
      • Automatic SMS sending
      • SMS Text
      • Enforce SMS Text
      • SMS Dynamic Mobile Number
      • Choose E-mail Provider
      • Email Subject
      • Email Text
      • Email dynamic address
      • Automatically Disable or Delete Token
        • Disable Token
        • Delete Token
    • 1.6.5. Authorization Policies
      • Authorization
      • Token Types
      • Serials
      • Setting Realms
      • Returning Details on validation
    • 1.6.6. Enrollment Policies
      • Token limits per Realm
      • Token limits per user
        • Total number of tokens per user:
        • Number of tokens per user by type:
      • Random OTP PIN
      • Encrypted OTP PIN
      • Token issuer
      • Token labels
      • Auto Assignment
      • Ignore Auto Assignment Pin
      • Autoassigment without Password Check
      • Lost token
      • Purge rollout tokens
      • U2F App ID
      • U2F Valid Facet
    • 1.6.7. Gettoken Policies
    • 1.6.8. Notification Policies
      • Token autoenrollment with user notification
    • 1.6.9. Reporting Policies
      • Activate Reporting
        • Total Number of Tokens
        • Token in certain States
      • Configure Access
        • Show Token
        • Show Maximal Number of Tokens
        • Delete data from Reporting Database
          • Delete all data
          • Delete data before a certain date
    • 1.6.10. Monitoring Policies
    • 1.6.11. Selfservice policies
      • OTP PIN policies
        • Character groups
        • Changing the character group definition
        • Reversing the OTP PIN logic
      • Retrieving OTP values
      • Verify policy
    • 1.6.12. System policies
    • 1.6.13. Users in policies
      • Extensions for user field in LinOTP =>2.8.1
        • Examples
    • 1.6.14. Clients in policies
    • 1.6.15. Policy checker
    • 1.6.16. Importing and exporting policies
    • 1.6.17. Best practice - policy example
      • Administrators
      • System
      • Selfservice
  • 1.7. Audit Trail
    • 1.7.1. Logging Scopes
      • Selfservice Portal
      • Validate
      • Audit Trail
      • Administrative Tasks
      • System configuration
      • Setting License
    • 1.7.2. Viewing the Audit Trail
    • 1.7.3. Configuration
    • 1.7.4. Searching the Audit Trail
      • Search in SQL Audit
  • 1.8. Challenge Response
    • 1.8.1. HOTP and TOTP Tokens
    • 1.8.2. SMS and e-mail
    • 1.8.3. Configure Challenge Message
    • 1.8.4. RADIUS
    • 1.8.5. Test Challenge Response
  • 1.9. SMS Provider for SMS OTP Tokens / Mobile TANs
    • 1.9.1. Overview
      • Triggering SMS
      • Configuration
        • Policy to choose SMS Provider
    • 1.9.2. Configure SMS Provider
      • Generic Options
      • Overview SMS Provider modules
        • HttpSMSProvider
        • SmtpSMSProvider
        • SMPPSMSProvider
        • RestSMSProvider
        • DeviceSMSProvider
    • 1.9.3. SMSProviderConfig
      • HttpSMSProvider
      • SmtpSMSProvider
      • SMPPSMSProvider
      • RestSMSProvider
      • SMPPSMSProvider
      • DeviceSMSProvider
  • 1.10. E-mail Provider for E-mail Token
    • 1.10.1. Overview
      • Triggering challenge (e-mail)
      • Configuration
        • Policy to choose E-Mail Provider
    • 1.10.2. Configure E-mail Provider details
    • 1.10.3. E-mail ProviderConfig
      • SMTPEmailProvider
  • 1.11. Push Provider for LinOTP Push Token
    • 1.11.1. Configuration
      • Policy to Choose Push Provider
      • Configure Push Provider
        • Configuration details of the DefaultPushProvider
    • 1.11.2. Testing of the LinOTP Push Token
      • Push Token via Test Page
      • Test Push via API
        • Trigger the Push Messages
        • Check Result
  • 1.12. System Config
    • 1.12.1. Tab Settings
      • Field Authentication
      • Field Authorization
    • 1.12.2. Tab Caching
    • 1.12.3. Tab GUI settings
    • 1.12.4. Tab Client Identification
      • Key differences between supported headers
      • Is my proxy configuration correct?
  • 1.13. Security Module
    • 1.13.1. PKCS11 module and SafeNet LunaSA
    • 1.13.2. Password handling
    • 1.13.3. PKCS #11 and YubiHSM Padding bug
      • Technical details
  • 1.14. Retrieving OTP values
  • 1.15. Tools
    • 1.15.1. linotp
      • linotp local-admins
      • linotp audit
    • 1.15.2. linotp-tokens-used
    • 1.15.3. linotp-backup
    • 1.15.4. linotp-restore
    • 1.15.5. linotp-convert-token
    • 1.15.6. linotp-convert-xml-to-csv
    • 1.15.7. linotp-decrypt-otpkey
    • 1.15.8. LinotpLDAPProxy.pm
  • 1.16. Backup and Restore
    • 1.16.1. Backup database and encryption key
    • 1.16.2. Backup additional resources
    • 1.16.3. Disaster Recovery
  • 1.17. Monitoring / Reporting
    • 1.17.1. Monitoring
      • Perform Queries
      • License
      • Storage encryption
      • Tokens
      • UserIdResolver
    • 1.17.2. Reporting
      • Prerequisites
      • Configuration
        • Activating Reporting and Reporting access
        • Current limitations
      • Reporting Modes
      • Evaluation / Reporting APIs
      • Perform Queries
        • show or period
        • maximum
        • Delete counters from database with delete_all
        • Delete counters from database with delete_before
  • 1.18. PCI DSS
  • 1.19. Usage scenarios
    • 1.19.1. Protection levels
  • 1.20. Troubleshooting
    • 1.20.1. LDAP/Active Directory Connection
    • 1.20.2. Testing the Freeradius Server
    • 1.20.3. RADIUS Authentication fails
    • 1.20.4. RADIUS server log file
    • 1.20.5. Access to Web API
    • 1.20.6. OTP Authentication
    • 1.20.7. LinOTP server log file
      • Special logging configuration
  • 1.21. The LinOTP configuration
    • 1.21.1. Configuration parameters
    • 1.21.2. Setting the configuration parameters in a configuration file
    • 1.21.3. Setting the configuration parameters via environment variables
  • 1.22. Indices and tables
• 2. LinOTP Selfservice Portal
  • 2.1. Managing token in self service
    • 2.1.1. Conditions for use
    • 2.1.2. Access SelfService Portal
  • 2.2. Typical usecases for supported token in self service
    • 2.2.1. Basic actions for tokens
    • 2.2.2. Application Scenario with the LinOTP Push Token
      • Customize the LinOTP configuration
      • Testing the configuration with a Push Token
      • Prepare Windows or Apple Clients with LinOTP Authentication Provider LAP
      • Install the LinOTP Authenticator app on the users smartphone
      • Rollout and activate the push token by the user
        • Step 1: Enroll your Push Token
        • Step 2 Activate your Push Token
      • Test for LinOTP Push Token
    • 2.2.3. Application Scenario with the LinOTP QR Token
      • Customize the LinOTP configuration
      • Prepare Windows or Apple Clients with LinOTP Authentication Provider LAP
      • Install the LinOTP Authenticator app on the users smartphone
      • Rollout and activate the LinOTP QR token by the user
        • Step 1: Enroll your QR Token
        • Step 2 Activate your QR Token
      • Test the LinOTP QR Token with /auth/qrtoken
    • 2.2.4. Enrolling OATH Token for Google Authenticator
    • 2.2.5. Using mOTP Token
      • Initializing the mOTP Token
      • Registering the mOTP Token
      • Authenticating using mOTP Token
    • 2.2.6. Disable lost token
    • 2.2.7. Change OTP PIN
    • 2.2.8. Resynchronize Token
  • 2.3. Individualize the SelfService Portal
    • 2.3.1. SelfService Portal Imprint
  • 2.4. Indices and tables
• 3. LinOTP Installation Guide
  • 3.1. Supported Operating Systems
    • 3.1.1. Supported Database systems
  • 3.2. Checklist
    • 3.2.1. Decide which distribution you want to use
    • 3.2.2. Decide which token database you want to use
    • 3.2.3. SSL certificate
    • 3.2.4. LinOTP Admin
    • 3.2.5. User databases
    • 3.2.6. User tokens
    • 3.2.7. Authentication
    • 3.2.8. Location in your network
  • 3.3. Server installation
    • 3.3.1. Offline Installation as a Smart Virtual Appliance
      • Introduction
      • Offline Installation
    • 3.3.2. Installing from APT repositories
      • Debian Buster
    • 3.3.3. LinOTP Administrators
      • Logins for administrative interfaces
        • Overview
        • Administrative Users
        • UserIdResolver
        • Realm
        • Policy
      • Manage the Administrators
        • Create local Administrators from GUI
        • Create local Administrators from Shell
    • 3.3.4. LinOTP Server configuration background
      • LinOTP Server configuration
        • Token database
        • RADIUS token communication
        • linotp server
        • Apache web server
          • Apache configuration file
          • Authenticating to the Management Interface
          • Issuing Certificate Authority
  • 3.4. Installing Authentication Modules
    • 3.4.1. Enabling PAM authentication with pam_linotp
      • Configure pam_linotp
    • 3.4.2. Enabling RADIUS authentication with rlm_linotp2
      • Configuring rlm_linotp2
      • Activating rlm_linotp2
      • Using rlm_linotp2 and SSL
      • Testing rlm_linotp2
      • Fail-over configuration for RADIUS
    • 3.4.3. Enabling RADIUS authentication with Radiator
    • 3.4.4. Enabling RADIUS authentication with rlm_perl
      • Configuring radius_linotp.pm
      • Testing rlm_perl
    • 3.4.5. Enable SAML Identify Provider
  • 3.5. Customization
    • 3.5.1. Custom LinOTP3 Selfservice
    • 3.5.2. Style Sheets - LinOTP3
    • 3.5.3. Changing the Logo
  • 3.6. Database connection
    • 3.6.1. Configure a redundant mariadb database with master-master-replication
      • Introduction
      • Replication user
      • Configure replication
      • Setup slaves
      • Synching the machines
      • Activate the Replication Mode in LinOTP
    • 3.6.2. Configure a redundant MySQL database with master-master-replication
      • Introduction
      • Replication user
      • Configure replication
      • Setup slaves
      • Synching the machines
      • Activate the Replication Mode in LinOTP
  • 3.7. Security Modules
    • 3.7.1. Defining Security Modules
    • 3.7.2. Defining SafeNet LunaSA
      • Partition Password
    • 3.7.3. Setting up SafeNet LunaSA
      • Requirements
      • Network settings
      • LunaSA server certificate
      • Initialization of HSM
        • Create HSM Admin PED Key
        • Create Domain PED Key
        • HSM security polices
        • Create HSM Partitions
        • Partition policies
        • Activate Partitions
      • Setting up HSM clients and assigning clients to HSM partitions
      • Troubleshooting
    • 3.7.4. Create AES Keys
    • 3.7.5. Backup and restore with LunaSA
      • Backup
      • Restore
    • 3.7.6. Setting up HA and Load balancing for LunaSA
      • Register LinOTP
      • Creating HA group
      • Monitoring
        • Restore an HA group
    • 3.7.7. Managing Passwords with LunaSA
      • Changing admin Password
      • Changing HSM PED Password
      • Changing Partition Passwords
      • Resetting Partition Passwords
  • 3.8. Integration examples
    • 3.8.1. OTP Authentication with an Apache web server
      • Download
      • Compile
      • Configuration
    • 3.8.2. Firewall integration
    • 3.8.3. Authentication with third party OTP solutions
      • Configure FreeRADIUS LDAP
      • Configure FreeRADIUS proxy
      • Configure proxy decision
    • 3.8.4. Restrict access to certain devices to certain users
      • Install LDAP FreeRADIUS module
      • Adapt the configuration
      • modules/ldap
      • clients.conf
      • policy.conf
      • site-enabled/linotp
    • 3.8.5. Map certain RADIUS clients to specific LinOTP realms
      • Example Data
      • Configuration
      • Define two client networks
      • Define the mapping policy
      • Add the shortname to the request
      • Activate policy during authentication
    • 3.8.6. Authenticating RADIUS clients that pass the ntdomain
    • 3.8.7. LinOTP and MIT Kerberos
      • Setting up OTP with Kerberos
      • Setting up FAST
    • 3.8.8. Deny access for disabled users in Active Directory
    • 3.8.9. Use LDAPs in UserIdResolvers
  • 3.9. Migrating to LinOTP 3
    • 3.9.1. Configuration
      • Configuration directory
      • Configuration file
      • Configuration file locations for Debian packages (as per linotp-cfg-default)
      • New configuration settings
      • Removed settings
    • 3.9.2. Database encoding migration
    • 3.9.3. Administrator authentication
    • 3.9.4. API endpoints requiring POST requests
    • 3.9.5. User interface
      • Audit trail tab of ManageUI
    • 3.9.6. Howto migrating from LinOTP 2 to LinOTP 3
  • 3.10. Security advisories
    • 3.10.1. Locked Users
    • 3.10.2. UserIdResolver
  • 3.11. Troubleshooting
    • 3.11.1. Connecting to userstores
    • 3.11.2. Distribution not Found: LinOTP2
    • 3.11.3. SQLAlchemy error
    • 3.11.4. Access denied for user root@localhost
  • 3.12. Indices and tables
• 4. LinOTP Appliance Manual
  • 4.1. SVA Install
  • 4.2. Quick Start Guide Appliance
    • 4.2.1. Introduction
      • Licensing
      • Documentation, Support & Notes
    • 4.2.2. Part 1: Setup the LinOTP Smart Virtual Appliance
    • 4.2.3. Basic Configuration - Quick Start
      • License Agreement
      • Registration of your Enterprise Support and Subscription license
      • Basic Network Configuration
      • Setting the Time and Date
      • User Roles and Passwords
      • Definition of the RADIUS Clients
      • Key Generation and Database Passwords
    • 4.2.4. Part 2: Connecting to the User Directory, Rollout of Tokens
      • Open the LinOTP Management Interface
      • Creating User ID Resolvers
      • Creating Realms
      • Token
        • Hardware Token
        • Soft Token
      • Assigning Tokens
      • Setting the Token PIN
      • Practical Test
      • Use Information and Notes
        • Backup and Software Update
        • Important URLs and Administrator Roles
        • HA Mode
    • 4.2.5. Appendix: Practical Tips and Legal Notes
      • License Conditions
      • Support Addresses
      • About netgo LinOTP
  • 4.3. The Appliance Dashboard
  • 4.4. Configuring network settings
  • 4.5. Managing LinOTP token administrators
  • 4.6. LinOTP debug logging
  • 4.7. Configuring the RADIUS access to the LinOTP appliance
    • 4.7.1. Detailed settings
      • Realm mapping
      • Windows domain stripping
  • 4.8. Working with configuration sets
  • 4.9. Root user and appadmin user
  • 4.10. Change the server SSL certificate
    • 4.10.1. New self-signed certificate
    • 4.10.2. Create Certificate Request – Externally signed Certificate
  • 4.11. Advanced settings
  • 4.12. Redundant setup
    • 4.12.1. Setup redundancy
    • 4.12.2. Known Errors
    • 4.12.3. Reverting Redundancy
    • 4.12.4. Repair an out of sync redundant setup
  • 4.13. The support file
  • 4.14. Updates
    • 4.14.1. Automatic Scheduled Updates
    • 4.14.2. Manual Updates
    • 4.14.3. Update the Appliance from offline installer
  • 4.15. Backup and restore
    • 4.15.1. Manual Backup
    • 4.15.2. Automatic Backup
      • Details
    • 4.15.3. Restore Settings and Data
  • 4.16. License and Update key
    • 4.16.1. Install a new license
    • 4.16.2. Install a new Update key
  • 4.17. Disaster recovery
    • 4.17.1. Create and install a new Appliance
    • 4.17.2. Basic configuration of the new LinOTP Appliance
    • 4.17.3. Restore the backup
    • 4.17.4. Check the new LinOTP Appliance
  • 4.18. Appliance uprade to Version 3
    • 4.18.1. Backup old Appliance
    • 4.18.2. Install a new Appliance
    • 4.18.3. Quick Start Restore Appliance
    • 4.18.4. Troubleshooting for restore
    • 4.18.5. Create administrators after restore
    • 4.18.6. Restoring the redundancy
    • 4.18.7. Transferring customizations
    • 4.18.8. Check the new LinOTP Appliance
  • 4.19. Network integration
  • 4.20. Indices and tables
• 5. LinOTP Development Guide
  • 5.1. Authentication interfaces
    • 5.1.1. Validate Controller
      • Authentication workflow
      • Authentication via “validate” controller with “check” action
    • 5.1.2. Example for authentication integration
      • Python integration
      • C# integration
      • Java integration
      • Java Script integration for server side implementation
      • C integration
      • PHP integration
  • 5.2. Administrative Interfaces
    • 5.2.1. Authentication
      • Usage of the administrative API
    • 5.2.2. Accessing the API with your Browser
    • 5.2.3. Programmatically calling the API
    • 5.2.4. Technical background
    • 5.2.5. Orphaned tokens
  • 5.3. Monitoring Interface
    • 5.3.1. Session parameter
      • Accessing the API with your Browser
    • 5.3.2. Examples
      • Tokens
      • User information
      • License
      • Configuration
      • Encryption
  • 5.4. Licenses
    • 5.4.1. AGPLv3
  • 5.5. Indices and tables
• 6. LinOTP HOW-TOs Guide
  • 6.1. Usability - HOW-TOs
    • 6.1.1. Autoenrollment of Tokens via SMS or Email
      • Prerequisites
      • Policies
      • Token configuration SMS
        • SMSProviderConfig
          • HttpSMSProvider
          • SmtpSMSProvider
          • SMPPSMSProvider
          • DeviceSMSProvider
          • RestSMSProvider
      • Token configuration e-mail
      • Test scenario
    • 6.1.2. LinOTP’s Rollout Token Feature
      • It’s about security…
      • The Enrollment Process
      • LinOTP Self Service Portal
      • The Problem
      • The Solution - an exclusive rollout token
      • How to appoint a rollout token
      • The rollout procedure of the User Token
      • Remove redundant rollout tokens automatically
    • 6.1.3. E-mail token with notification & templates
    • 6.1.4. Read the audit trail via the API
    • 6.1.5. Read the Token Info via the API
    • 6.1.6. Indices and tables
  • 6.2. Configuration - HOW-TOs
    • 6.2.1. Provide CA certificates for HTTPS and LDAPS in the system store
      • Certificate chains for UserIdResolvers on OS level
        • Providing the CA_Certificate
      • Converting PKCS#7 from the Windows PKI
    • 6.2.2. Disable the autoresync function
    • 6.2.3. Indices and tables
  • 6.3. Infrastructure - HOW-TOs
    • 6.3.1. Two-Factor SSH Authentication with LinOTP
      • 1 Introduction
      • 2 Prerequisites
      • 3 Direct authentication via LinOTP web interface (no RADIUS server needed)
        • 3.1 pam_linotp
        • 3.2 pam_py_linotp
      • 4 Authentication via RADIUS
        • 4.1 Connect to RADIUS via PAM (libpam-radius-auth)
      • 5 Final Configuration of the SSH server
      • 6 Test
    • 6.3.2. RADIUS Authentication with return of attributes
      • Activating the rlm_module in freeRADIUS
      • Configuration of the LDAP module in freeRADIUS
        • Connection of the LDAP module with the LDAP servers
        • Customize the filter for users
        • Adjustment of the filter for the attribute to be returned
      • Configuration of the site linotp
        • Check group membership
      • Testing the function
        • Start the freeRADIUS server in debug mode:
        • Starting a client request to the RADUIS server:
    • 6.3.3. Indices and tables
  • 6.4. Indices and tables

Indices and tables

• Index

• Search Page

• Module Index