Defining Security Modules

3.7.1. Defining Security Modules#

You can define several different security modules. At the moment LinOTP comes with the modules

Pkcs11SecurityModule

which is defined in the python module linotp.lib.security.pkcs11

DefaultSecurityModule

which is defined in the python module linotp.lib.security.default.

But this can easily enhanced to write your own security module.

To define modules you follow this scheme in the /etc/linotp2/linotp.ini file:

linotpSecurity.some_name_1.module = linotp.lib.security.some_package_1.some_class_1
linotpSecurity.some_name_2.module = linotp.lib.security.some_package_2.some_class_2
linotpSecurity.some_name_3.module = linotp.lib.security.some_package_3.some_class_3
linotpSecurity.some_name_4.module = linotp.lib.security.some_package_4.some_class_4

You then define, which security module should be used by LinOTP. This is also done in the linotp.ini file:

linotpActiveSecurityModule = some_name_2

Note

If you define nothing in the linotp.ini LinOTP uses the default security module and will work as usual.