3.85.1. AuthSelect

AuthSelect is an SQL query that fetches HOTP data from the SQL database. It is passed the user name in %0. It is expected to return (secret, active, userId, counter, staticpassword). Field 0 (secret) is the hex-encoded secret key for the token. It must be present for the authentication to succeed (Mandatory). Fields 1 and 2 are the counter high and low parts respectively (Mandatory). All following fields are optional:
  • If field 3 (active) is defined, it must be 1, otherwise the authentication is rejected.
  • Field 4 (pin) is the user's static PIN. It will be checked if the user specifies a static password or if Require2Factor is set.
  • Field 5 (digits) is the number of digits in the user's HOTP code. If NULL, the value of DefaultDigits will be used.
  • Field 6 (bad_logins) counts the number of consecutive authentication failures. If defined, it will be used to detect brute force attacks and must be updated by UpdateQuery.
  • Field 7 (last_time_accessed) is the Unix timestamp of the last authentication attempt. It is used to detect brute force attacks.
The default works with the sample database schema provided in goodies/hotp.sql. The default is:
select secret, counter_high, counter_low, active, pin, digits,
bad_logins, unix_timestamp(accessed) from hotpkeys where username=%0
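
The following added example (not Radiator's own code) shows how a row in the default AuthSelect column order maps onto an RFC 4226 HOTP computation, which is useful for checking that a provisioned secret and counter produce the code the token displays. It assumes that counter_high and counter_low are the two 32-bit halves of the 64-bit counter and that DefaultDigits is 6; the function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample rows in the column order of the default AuthSelect:
# (secret, counter_high, counter_low, active, pin, digits, bad_logins, accessed)
# The secret is the RFC 4226 test key "12345678901234567890", hex encoded.
SAMPLE_ROW = ("3132333435363738393031323334353637383930", 0, 1, 1, None, None, 0, 0)
DISABLED_ROW = ("3132333435363738393031323334353637383930", 0, 1, 0, None, None, 0, 0)


def hotp(key: bytes, counter: int, digits: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def expected_code(row, default_digits=6):
    """Return the HOTP code for an AuthSelect row, or None if it must be rejected."""
    row = tuple(row) + (None,) * (8 - len(row))   # optional fields may be absent
    secret, high, low, active, _pin, digits = row[:6]
    if secret is None or high is None or low is None:
        return None                               # fields 0-2 are mandatory
    if active is not None and int(active) != 1:
        return None                               # field 3, when defined, must be 1
    try:
        key = bytes.fromhex(secret)
    except ValueError:
        return None                               # secret is not valid hex
    # Assumption: high and low are the two 32-bit halves of the 64-bit counter.
    counter = (int(high) << 32) | (int(low) & 0xFFFFFFFF)
    # A NULL digits column falls back to the default (assumed to be 6 here).
    return hotp(key, counter, int(digits) if digits is not None else default_digits)


if __name__ == "__main__":
    print(expected_code(SAMPLE_ROW))
```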