Skip to content

A centralized totp solution based on google-authenticator

License

Notifications You must be signed in to change notification settings

mricon/totp-cgi

Repository files navigation

TOTPCGI

A centralized totp solution based on google-authenticator

Build Status
Author:mricon@kernel.org
Copyright:Konstantin Ryabitsev and contributors
License:GPLv2+
Version:0.6.0

DECRIPTION

The idea of totpcgi (pronounced "Toopy-CGI") came when lamenting that google-authenticator implementation is "almost there" to be used as a generic org-wide 2-factor solution, but is annoyingly written to be a one-secret-per-service (or -per-host) solution. Thus, totpcgi was born, which uses files generated by google-authenticator and serves them from a central installation.

It is intended to be used with pam_url.

FEATURES

  1. Fully interoperable with Google-Authenticator
  2. Uses Google-Authenticator-generated secret files
  3. Supports pincodes (i.e. users log in with 'usercode555555')
  4. Supports file-based state backend for non-redundant installations and Postgresql for load-balanced setups.
  5. Supports encrypting the Google-Authenticator master secret with the user's pincode.
  6. Supports web-based provisioning to generate Google-Authenticator compatible files (or database entries).

REQUIREMENTS

  1. pyotp
  2. google-authenticator to generate the .totp files by hand
  3. flup (for .fcgi only)
  4. psycopg2 (for postgresql backend support)
  5. py-bcrypt (for pincode support using bcrypt)
  6. pycrypto and passlib (for encrypted-secret support)
  7. pam_url (for PAM support)
  8. python-qrcode (for provisioning support)
  9. MySQL-python (for MySQL backend support)

All of these dependencies are in EPEL for RHEL 6.

AUTHORS

SUPPORT

Please open an issue on GitHub: https://github.com/mricon/totp-cgi/issues