3.85. <AuthBy SQLHOTP>

This module supports authentication using HOTP (RFC 4226). HOTP is an open specification for event-based one-time passwords, developed by OATH.
HOTP is an event-based authentication protocol, and is designed for use in time-based two-factor tokens and other similar authentication processes. It uses the well-known SHA-1 hash function, along with a secret key and an incrementing counter. The specification is completely open and free and is the result of community collaboration with OATH.
The <AuthBy SQLHOTP> authentication module detects replay and brute-force attacks. It supports an optional PIN or static password for two-factor authentication, in which the user enters their static password immediately before the HOTP one-time password. It requires Digest::HMAC_SHA1, which is part of CPAN. For more information, see Section 2.1.2. CPAN.
The secret key, current counter etc. are stored in a SQL database. Any database supported by Radiator can be used. A sample configuration file and SQL schema for MySQL are supplied in the /goodies directory of your Radiator distribution.
<AuthBy SQLHOTP> supports the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.26. <AuthBy xxxxxx>. It also supports all the common SQL configuration parameters. For more information about the SQL configuration parameters, see Section 3.6. SQL configuration.
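The following is an added example, not Radiator's own code: a Python sketch of the RFC 4226 computation and of server-side verification with a PIN prefix, replay rejection through the stored counter, and a failure lockout. The names `HotpRecord`, `verify`, `window` and `max_bad` are hypothetical and stand in for the database row and policy settings.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpRecord:
    """Hypothetical per-user row: secret, next expected counter, static PIN, failure count."""
    def __init__(self, secret, counter=0, pin="", max_bad=5):
        self.secret, self.counter, self.pin = secret, counter, pin
        self.bad, self.max_bad = 0, max_bad

def verify(rec, submitted, window=3, digits=6):
    """Return True if `submitted` is PIN followed by a fresh OTP within the look-ahead window."""
    if rec.bad >= rec.max_bad:
        return False                              # brute-force lockout: refuse further attempts
    pin, otp = submitted[:-digits], submitted[-digits:]
    if hmac.compare_digest(pin.encode(), rec.pin.encode()):
        # Only counters at or beyond the stored value are tried, so a used OTP cannot match.
        for c in range(rec.counter, rec.counter + window + 1):
            if hmac.compare_digest(hotp(rec.secret, c, digits).encode(), otp.encode()):
                rec.counter = c + 1               # persist the advance before accepting
                rec.bad = 0
                return True
    rec.bad += 1
    return False
```

In a real deployment the counter update and failure count must be written back to the database atomically, otherwise two concurrent requests could accept the same one-time password.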