OTPme: A flexible One-Time-Password system
Project description
Installation instructions
Full documentation is available at https://otpme.readthedocs.io.
Manpages can be installed with:
otpme-install-manpages
Install debian dependencies
apt-get install python3.11-venv gobjc++ python3-pybind11 python3-dev build-essential cmake gcc dbus-x11 freeradius freeradius-python3 libacl1-dev libnss-cache liboath0 liboath-dev libpcsclite1 libpq-dev libre2-9 libre2-dev libsystemd-dev pkg-config postgresql postgresql-server-dev-all pwgen pyflakes3 redis redis-server redis-tools libpcsclite-dev ykcs11 fuse3 libpam-python liblmdb0
Disable installed services
systemctl stop redis
systemctl disable redis
systemctl stop postgresql
systemctl disable postgresql
systemctl stop freeradius
systemctl disable freeradius
Install otpme
Add otpme system user
useradd -r -U -d /var/lib/otpme otpme
Enable nsswitch nsscache module
Edit /etc/nsswitch.conf and append 'cache' to the lines passwd, shadow and group.
Create python venv
python3 -m venv /opt/otpme
. /opt/otpme/bin/activate
Install otpme and dependencies
pip3 install cython
pip3 install otpme
Copy configuration files
cp -a /opt/otpme/lib/python3.11/site-packages/etc/otpme /etc/
cp -a /etc/otpme/otpme.conf.dist /etc/otpme/otpme.conf
Edit /etc/otpme/otpme.conf
POSTGRES_PG_CTL_BIN="/usr/lib/postgresql/15/bin/pg_ctl"
Create PYTHONPATH file with path to venv (e.g. /opt/otpme/lib/python3.11/site-packages/)
/etc/otpme/PYTHONPATH
Init your otpme realm
otpme-realm --api -ddee --color-logs -f init --ca-key-len 2048 --site-key-len 2048 --node-key-len 2048 --dicts english,en-top10000,common-passwords,us-female,us-male,us-surnames,abbreviations-it --id-ranges "uidNumber:s:100000-200000,gidNumber:s:100000-200000" yourrealm.tld yoursite localhost 127.0.0.1
Note: Scan the generated QRCode with the "Google Autenticator App" and note the PIN of the admin token.
Start OTPme daemons
otpme-controld start
Login with admin token
You need to input pin+otp.
otpme-tool login
Add optional U2F/fido2 attestation certificates from https://developers.yubico.com/FIDO/yubico-fido-ca-certs.txt.
wget https://developers.yubico.com/FIDO/yubico-fido-ca-1.pem
wget https://developers.yubico.com/FIDO/yubico-fido-ca-2.pem
otpme-site add_fido2_ca_cert yoursite yubico-fido-ca-1.pem
otpme-site add_fido2_ca_cert yoursite yubico-fido-ca-2.pem
otpme-site config yoursite check_fido2_attestation_cert True
Disable gpg-agent (systemd) to use yubikey/GPG card with the PAM module.
systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file otpme-0.3.0a186.tar.gz.
File metadata
- Download URL: otpme-0.3.0a186.tar.gz
- Upload date:
- Size: 5.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74ddecd1929d4fdbcbf252ee36a1db12a4d9b14811ed88aa36de98df10a4ed87
|
|
| MD5 |
fbc774709a1b91ff858adf325b7a1050
|
|
| BLAKE2b-256 |
02bb84ff7e382a06dd32478f28cdfa7b0373123d52d9a00b56d74c742cb0a63e
|
File details
Details for the file otpme-0.3.0a186-py3-none-any.whl.
File metadata
- Download URL: otpme-0.3.0a186-py3-none-any.whl
- Upload date:
- Size: 6.2 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e142ec167f32489741eb37837caa4db185425a1a77a6697e79c575edf548ec91
|
|
| MD5 |
06b221dee4690a1f29976f8ec97da7d9
|
|
| BLAKE2b-256 |
76ebed2e89a665f209124bb7aeb8f4f5fca5f6bc859652496da28ba08e6b8e18
|
