
OTPme: A flexible One-Time-Password system

Project description

Installation instructions

Warning: OTPme is alpha software. Do not use it in production. Expect breaking changes, incomplete features and bugs.

Full documentation is available at https://otpme.readthedocs.io.

Manpages can be installed with:

otpme-install-manpages

Install Debian dependencies

apt-get install python3.11-venv gobjc++ python3-pybind11 python3-dev build-essential cmake gcc dbus-x11 freeradius freeradius-python3 libacl1-dev libnss-cache liboath0 liboath-dev libpcsclite1 libpq-dev libre2-9 libre2-dev libsystemd-dev pkg-config postgresql postgresql-server-dev-all pwgen pyflakes3 redis redis-server redis-tools libpcsclite-dev ykcs11 fuse3 libpam-python liblmdb0

Disable installed services

systemctl stop redis
systemctl disable redis
systemctl stop postgresql
systemctl disable postgresql
systemctl stop freeradius
systemctl disable freeradius

Install otpme

Add otpme system user

useradd -r -U -d /var/lib/otpme otpme

Enable the nsscache NSS module

Edit /etc/nsswitch.conf and append 'cache' to the passwd, shadow and group lines.

Create python venv

python3 -m venv /opt/otpme
. /opt/otpme/bin/activate

Install otpme and dependencies

pip3 install cython
pip3 install otpme

Copy configuration files

cp -a /opt/otpme/lib/python3.11/site-packages/etc/otpme /etc/
cp -a /etc/otpme/otpme.conf.dist /etc/otpme/otpme.conf

Edit /etc/otpme/otpme.conf and set POSTGRES_PG_CTL_BIN to the pg_ctl binary of your PostgreSQL version, e.g.:

POSTGRES_PG_CTL_BIN="/usr/lib/postgresql/15/bin/pg_ctl"

Create PYTHONPATH file

Create /etc/otpme/PYTHONPATH containing the site-packages path of the venv (e.g. /opt/otpme/lib/python3.11/site-packages/).

Init your otpme realm

otpme-realm --api -ddee --color-logs -f init --ca-key-len 2048 --site-key-len 2048 --node-key-len 2048 --dicts english,en-top10000,common-passwords,us-female,us-male,us-surnames,abbreviations-it --id-ranges "uidNumber:s:100000-200000,gidNumber:s:100000-200000" yourrealm.tld yoursite localhost 127.0.0.1

Note: Scan the generated QR code with the Google Authenticator app and note the PIN of the admin token.

Start OTPme daemons

otpme-controld start

Login with admin token

otpme-tool login

You need to enter PIN+OTP.

Optionally add the U2F/FIDO2 attestation CA certificates from https://developers.yubico.com/FIDO/yubico-fido-ca-certs.txt.

wget https://developers.yubico.com/FIDO/yubico-fido-ca-1.pem
wget https://developers.yubico.com/FIDO/yubico-fido-ca-2.pem
otpme-site add_fido2_ca_cert yoursite yubico-fido-ca-1.pem
otpme-site add_fido2_ca_cert yoursite yubico-fido-ca-2.pem
otpme-site config yoursite check_fido2_attestation_cert True

Disable the gpg-agent systemd user units to use a YubiKey/GPG card with the PAM module.

systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
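The two hand edits in the procedure above (the nsswitch.conf change and the PYTHONPATH file) as an added shell helper; this is not part of the OTPme project. It assumes GNU sed and grep (as on Debian) and takes file paths as arguments so it can be tried on a copy of nsswitch.conf before touching /etc.

```shell
#!/bin/sh
# Added helper (not from the OTPme project): the two hand edits of the
# install guide, done idempotently and checkable. Assumes GNU sed/grep.

# append_nss_cache FILE: append "cache" to the passwd, shadow and group
# lines of an nsswitch.conf unless that line already lists it.
# A database line that is missing entirely is left alone (check below fails).
append_nss_cache() {
    file="$1"
    for db in passwd shadow group; do
        # already enabled on this line: leave it alone (idempotent)
        if grep -Eq "^${db}:.*[[:space:]]cache([[:space:]]|$)" "$file"; then
            continue
        fi
        # strip trailing whitespace on the matching line and append " cache"
        sed -i -E "/^${db}:/ s/[[:space:]]*$/ cache/" "$file"
    done
}

# check_nss_cache FILE: succeed only if all three databases use cache
check_nss_cache() {
    for db in passwd shadow group; do
        grep -Eq "^${db}:.*[[:space:]]cache([[:space:]]|$)" "$1" || return 1
    done
}

# write_pythonpath FILE [PYTHON]: write the site-packages directory of the
# given interpreter (the venv's /opt/otpme/bin/python3 in the guide) to FILE,
# derived from the interpreter itself instead of hard-coding a python3.x path
# that silently breaks after the next interpreter upgrade.
write_pythonpath() {
    file="$1"; py="${2:-/opt/otpme/bin/python3}"
    sitepkgs="$("$py" -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')" || return 1
    printf '%s\n' "$sitepkgs" > "$file"
}

# Live run as root (commented out; try on a copy first):
# append_nss_cache /etc/nsswitch.conf && check_nss_cache /etc/nsswitch.conf
# write_pythonpath /etc/otpme/PYTHONPATH /opt/otpme/bin/python3
```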

Download files

Source distribution: otpme-0.3.0a204.tar.gz (6.0 MB)

Built distribution: otpme-0.3.0a204-py3-none-any.whl (6.4 MB, Python 3)