Duo HOTP
Duo can authenticate using HOTP - Hash(message authentication code)-based One-Time Password.
But it has some proprietary covers over the OATH (Initiative for Open Authentication) standard.
simonseo/nyuad-spammer has code to work around this.
duo.py is largely copied from there
Usage
also see duo.py -h or the doc string of duo.py
- generate a new duo QR code for an android tablet within your institution's device management portal
- copy the url of the QR code image
. it should look like https://api-e4c9863e.duosecurity.com/frame/qr?value=c53Xoof7cFSOHGxtm69f-YXBpLWU0Yzk4NjNlLmR1b3NlY3VyaXR5LmNvbQ ./duo.py new 'https://URL-OF-IMAGE'to register- push continue in the browser
./duo.py nextfor future authentication
Convenience
consider adding binding in sxkd, xbindkeys, etc for
duo.py next -s ~/secure/myinstitution_duo.json | xclip -iWarnings
- The default
secret.jsonfile is not encrypted! Be careful where you store it (see-sswitch). - if you generate too many
nextcalls w/out passing on to duo, you'll leave the validation window and duo will not authenticate.
Install
pip install -r requirements.txt # pyotp docopt requests
./duo.py -hTests
testing is limited.
python -m doctest duo.pyTODO
- support GPG to secure secret file
TOTP
duo.py is specific to duo's HOTP.
For time based one time passwords (Google Authenticator, Microsoft Authenticator), look at oath-toolkit
KEY=$(zbarimg /path/to/qr-image.png)
oathtool --totp --base32 $KEY