AuthSelect is an SQL query that fetches HOTP data from the SQL
database. It is passed the user name in %0. It is expected to return
(secret, active, userId, counter, staticpassword). Field 0 (secret) is the
hex-encoded secret key for the token. It must be present for the
authentication to succeed (Mandatory). Fields 1 and 2 are the counter high
and low parts respectively (Mandatory). All following fields are
optional:
- If field 3 (active) is defined, it must be 1; otherwise the
authentication is rejected.
- Field 4 (pin) is the user's static PIN. It will be checked if the
user specifies a static password or if Require2Factor is set.
- Field 5 (digits) is the number of digits in the user's HOTP code.
If NULL, the value of DefaultDigits will be used.
- Field 6 (bad_logins) counts the number of consecutive
authentication failures. If defined, it will be used to detect brute
force attacks and must be updated by UpdateQuery.
- Field 7 (last_time_accessed) is the Unix timestamp of the last
authentication attempt. It is used to detect brute force attacks.
The default works with the sample database schema provided in
goodies/hotp.sql. The default is:
select secret, counter_high, counter_low, active, pin, digits,
bad_logins, unix_timestamp(accessed) from hotpkeys where username=%0
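
How a row in the field order above could be evaluated, as an added example that is not the product's own code and not part of the original documentation. It covers fields 0-3 and 5-7 only (no static PIN check, no counter resynchronisation). Assumptions: the counter is formed as (counter_high << 32) | counter_low, and DEFAULT_DIGITS, MAX_BAD_LOGINS and LOCKOUT_SECS are hypothetical stand-ins for configured values.

```python
import hashlib
import hmac
import struct

DEFAULT_DIGITS = 6   # assumption: stand-in for the DefaultDigits setting
MAX_BAD_LOGINS = 10  # assumption: hypothetical lockout threshold
LOCKOUT_SECS = 300   # assumption: hypothetical lockout window in seconds


def hotp(secret_hex, counter, digits):
    """RFC 4226 HOTP over the hex-encoded secret from field 0."""
    mac = hmac.new(bytes.fromhex(secret_hex), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_row(row, submitted, now):
    """Evaluate one AuthSelect result row in the field order listed above."""
    row = tuple(row) + (None,) * (8 - len(row))  # optional fields may be absent
    secret, c_high, c_low, active, pin, digits, bad, last = row
    if not secret or c_high is None or c_low is None:
        return "reject: mandatory field missing"
    if active is not None and int(active) != 1:
        return "reject: token inactive"
    if bad is not None and last is not None:
        # Too many consecutive failures and the last attempt was recent
        if int(bad) >= MAX_BAD_LOGINS and now - int(last) < LOCKOUT_SECS:
            return "reject: locked out"
    counter = (int(c_high) << 32) | int(c_low)   # assumption: 64-bit counter
    expected = hotp(secret, counter, int(digits) if digits else DEFAULT_DIGITS)
    if hmac.compare_digest(expected, submitted):  # constant-time comparison
        return "accept"
    return "reject: bad code"


if __name__ == "__main__":
    # Constructed row: RFC 4226 test secret, counter 1, active, digits NULL
    row = ("3132333435363738393031323334353637383930", 0, 1, 1, None, None, 0, 0)
    print(check_row(row, "287082", now=1000))
```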