ugosan / yubico-yubiserve

Automatically exported from code.google.com/p/yubico-yubiserve
GNU General Public License v3.0
0 stars 0 forks source link

support time based oath #21

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
It would be very nice to be able to use time based oath tokens, as generated by 
Google authenticator, or similar.

OATH support currently appears to be counter based only.

Original issue reported on code.google.com by glen.ogilvie@gmail.com on 20 Dec 2012 at 7:08

GoogleCodeExporter commented 8 years ago
I've already thought about TOTP, and wanted to add it some months ago, but 
couldn't find the time to add this feature. However, I agree it would be really 
interesting having it, making the validation server a complete tiny 
cryptosystem.
I will try to add it soon! :-)

And, of course, thank you for the interest!

Original comment by b1ga...@gmail.com on 20 Dec 2012 at 7:11

GoogleCodeExporter commented 8 years ago
I will probably merge the code from the hotpie project 
(https://github.com/gingerlime/hotpie) with the yubiserve. Just a note. :)

Original comment by b1ga...@gmail.com on 20 Dec 2012 at 7:14

GoogleCodeExporter commented 8 years ago
That looks like a nice clean bit of code to merge.  Do you think you will use 
this for HOTP as well? 

Original comment by glen.ogilvie@gmail.com on 2 Jan 2013 at 11:06

GoogleCodeExporter commented 8 years ago
It seems really clean, I think it won't hurt! :)
I won't be home for the next week, so I will merge it as soon as I'll be back :)

Original comment by b1ga...@gmail.com on 2 Jan 2013 at 11:27

GoogleCodeExporter commented 8 years ago
how are you getting on with TOTP?

I would like us to release a new version of yubiserve soon.. and thought maybe 
with TOTP included.

Glen

Original comment by glen.ogilvie@gmail.com on 17 Jan 2013 at 11:36

GoogleCodeExporter commented 8 years ago
Yep, I think I will finish it in the weekend (I will add here the diff file; I 
count to clean a little the HOTP code as well :)

Original comment by b1ga...@gmail.com on 18 Jan 2013 at 1:46

GoogleCodeExporter commented 8 years ago
I'm sorry for the delay, but I have 4 computer not working because of "bad 
weather" (call it just "bad weather" is funny btw); however i hope to begin 
code again soon, will let you know in the next days :)

Original comment by b1ga...@gmail.com on 23 Jan 2013 at 12:18

GoogleCodeExporter commented 8 years ago
I've added the support to the time based authentication (few days ago, but 
still haven't updated the SVN); I'm also adding the one time passwords to be 
used like in Google two steps authentication in case you lose your token 
generator.
Will let you know soon when it will be ready.
Right now I'm working on upgrading the database if coming from a previous 
version of yubiserve.

Original comment by b1ga...@gmail.com on 8 Feb 2013 at 1:21

GoogleCodeExporter commented 8 years ago
how are you getting on?

I've added a some unit testing.  It still has more tests to go, but performs 10 
tests so far.  The unit tests I am performing are external, IE, using pycurl, 
rather than making method calls. 

Original comment by glen.ogilvie@gmail.com on 3 Mar 2013 at 7:41

GoogleCodeExporter commented 8 years ago
One of the worst things done in yubiserve is using a permanent mysql 
connection. With the new implementation, the connection will be kept just as 
long as the otp is verified, and then dropped. This way both yubiserve and 
mysql will keep their resources free and less memory will be used; this was by 
the way one of the issues that needed to be fixed in an unusual way and thy the 
test suite has been made in first place. I hope we will be able to live without 
it! :P

Original comment by b1ga...@gmail.com on 17 Apr 2013 at 8:22

GoogleCodeExporter commented 8 years ago
Any updates on this or any way we can help? I'd love to get TOTP working 
through yubico-yubiserve

Original comment by chris...@gmail.com on 4 Sep 2013 at 2:08

GoogleCodeExporter commented 8 years ago
The last I've seen is, the is a branch under way:
http://code.google.com/p/yubico-yubiserve/source/browse/branches/4.0

I think b1galez has been busy, so has not done much on it recently.

Please feel free to contribute. Please let me know if you would like commit 
access, or have patches you would like applied.

Original comment by glen.ogilvie@gmail.com on 6 Sep 2013 at 9:22