Skip to main content

Pam module to authenticate users using HOTP token.

Project description

libpam-hotp is a PAM (Pluggable Authentication Modules) module written in Python to authenticate users using an OTP (One Time Password) generated with the HOTP algorithm.

1. Installation

libpam-hotp depend of libpam-python which is packaged into all major distro. The module have been tested with Python 2.6, maybe it also work with 2.5, and certainly with 2.7 version.

After installing the dependencies, you can drop into /lib/security directory.

Next step is to setup PAM, and create a file with all your token seeds.

2. Configuration of PAM

libpam-hotp use libpam-python, the latter is actually the called module for PAM, thereby, your rule line will look like this:


Available options are:

  • file: path to file that store user login - secret seeds mapping (default to /etc/hotp).


auth sufficient file=/etc/hotp_ssh

NOTE: This module only provide the AUTH mecanism.

3. Seeds file:

Seed file store the mapping between an user login and the secret seed code of user’s token.

Each line of this file is an association, each field is separated by an “:” char. The three first fields are mandatory:

  • User login
  • Secret seed code (encoded in hexadecimal form)
  • The number of seconds for a period (see your token datasheet)

You can add two additionals fields:

  • The maximum allowed number of drift periods
  • An hash, used to prompt an additionnal password to the user.

The hash is encoded with it salt with this format: SALT$HASH, hash function is SHA1(CONCAT(PASSWORD, SALT)).


Here is a complete example for the user stallman, with a token-period of 30 seconds, a maximum drift of 3 periods, and an additionnal password “richard”:


Project details

Release history Release notifications

This version
History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
libpam_hotp-0.1-py2.6.egg (2.1 kB) Copy SHA256 hash SHA256 Egg 2.6
libpam_hotp-0.1.tar.gz (2.3 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page