3.88. <AuthBy SQLTOTP>

This module supports authentication using TOTP (RFC 6238). TOTP is an open specification for time-based one-time passwords, developed by OATH.
TOTP is a time-based authentication protocol, and is designed for use in time-based 2 factor tokens and other similar authentication processes. It uses the well-known SHA-1, SHA-256 or SHA-512 hash function, along with a secret key and a timestamp. The specification is completely open and free and is the result of community collaboration with OATH.
The <AuthBy SQLTOTP> authentication module detects replay and brute-force attacks. It supports an optional PIN or static password for two-factor authentication: the user enters their static password as a prefix, immediately before the TOTP one-time password.
The secret key, PIN and such are stored in a SQL database. Any database supported by Radiator can be used. A sample configuration file and SQL schema for MySQL are supplied in the goodies directory of your Radiator distribution.
Tip
Correct operation of time based authentication tokens such as TOTP requires accurate synchronisation of the clocks on the client and Radiator server computers.
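The checks described above (PIN prefix, RFC 6238 code, replay and brute-force rejection, clock tolerance) can be sketched as follows. This is an added example, not Radiator's own code: the `user` dictionary stands in for a database row, and its field names, the one-step clock window and the five-failure lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, step: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 code for one time step: RFC 4226 HOTP with counter = step."""
    mac = hmac.new(secret, struct.pack(">Q", step), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(user: dict, password: str, now: float, digits: int = 6,
           period: int = 30, window: int = 1, max_fails: int = 5) -> bool:
    """Check '<PIN><OTP>'. `user` stands in for one database row (assumed fields)."""
    if user["fails"] >= max_fails:      # brute-force lockout (assumed policy)
        return False
    # The last `digits` characters are the OTP, everything before is the PIN.
    pin, otp = password[:-digits], password[-digits:]
    pin_ok = hmac.compare_digest(pin.encode(), user["pin"].encode())
    current = int(now) // period
    # Accept codes from adjacent steps to tolerate small clock differences.
    for step in range(current - window, current + window + 1):
        if step <= user["last_step"]:   # step already consumed: replay
            continue
        code = totp(user["secret"], step, digits)
        if pin_ok and hmac.compare_digest(code.encode(), otp.encode()):
            user["last_step"], user["fails"] = step, 0
            return True
    user["fails"] += 1
    return False

def sample_user() -> dict:
    """Constructed sample row using the RFC 6238 test secret; not a real credential."""
    return {"secret": b"12345678901234567890", "pin": "4321",
            "last_step": -1, "fails": 0}
```

Recording the last accepted time step per user is what makes a captured code useless for a second login, and the `window` value is the trade-off between tolerating clock drift and lengthening the period in which a code is valid.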
<AuthBy SQLTOTP> supports the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.28. <AuthBy xxxxxx>. It also supports all the common SQL configuration parameters. For more information about the SQL configuration parameters, see Section 3.8. SQL configuration.