OATH Toolkit

The OATH Toolkit contains a shared library, command line tool and a PAM module that makes it possible to build one-time password authentication systems. Supported technologies include the event-based HOTP algorithm and the time-based TOTP algorithm. OATH is the Open AuTHentication organization which specify the algorithms.

The components included in the package is:

• liboath: A shared and static C library for OATH handling.
• oathtool: A command line tool for generating and validating OTPs.
• pam_oath: A PAM module for pluggable login authentication for OATH.

Some external references for further information:

• OATH organization home page
• OATH technical specification
• RFC 4226 on HOTP.
• RFC 6238 on TOTP.

News and status

The package is known to work but not widely tested yet.

• 2011-05-24: Version 1.10.0 released, adding TOTP support for PAM.
• 2011-05-03: Version 1.8.0 released, adding strerror APIs.
• 2011-02-22: Version 1.6.0 released, adding TOTP validation in liboath.
• 2011-01-20: Version 1.4.3 released, important bug fix for pam_oath to make one-factor authentication work.
• 2011-01-15: Version 1.4.0 released, support for TOTP and callback-based HOTP validation for hashed OTPs.
• 2011-01-01: Version 1.2.2 released.
• 2010-12-28: Version 1.2.1 released.
• 2010-12-27: Version 1.2.0 released, consisting of shared library, command line tool and PAM module. The project is a fork of the earlier HOTP Toolkit
• 2010-12-27: the OATH Toolkit project was forked from the earlier HOTP Toolkit.
• 2010-12-27: Version 1.0.1 released, containing bug fixes.
• 2009-12-09: Version 1.0.0 released, consisting of shared library, command line tool and PAM module.

Download

Binary packages for some systems are available. If you package it for any other system, please let us know!

• Debian package
• Ubuntu
• Ubuntu PPA
• NetBSD package [1][2], thanks to Fredrik Pettai
• Packages are available for Mandriva Cooker and Mageia Cauldron, thanks to Mitya.

Download packaged source code via Savannah's download area:

http://download.savannah.nongnu.org/releases/oath-toolkit/

Check out the code using git:

git clone git://git.savannah.nongnu.org/oath-toolkit.git

You can browse the git repository too.

Documentation

Reference API Manual

Man-page for oathtool

Manual for PAM module

Support

Mailing list

Developer resources

Savannah OATH Toolkit Project page

Bug tracker

Code browser

Code coverage report

Clang code analysis