[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OATH Toolkit 2.6.5
From: |
Simon Josefsson |
Subject: |
OATH Toolkit 2.6.5 |
Date: |
Wed, 30 Dec 2020 10:47:11 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Hi! This release fixes the long-standing issue of suppluing secrets on
the command line. Thanks to everyone who worked on discussions and
patches related to this.
** oathtool: Support for reading KEY and OTP from standard input or filename.
KEY and OTP may now be given as '-' to mean stdin, or @FILE to read
from a particular file. This is recommended on multi-user systems,
since secrets as command line parameters leak. Based on a patch from
Ian Jackson <ijackson@chiark.greenend.org.uk>. Fixes #6.
** pam_oath: Fix unlikely logic fail on out of memory conditions.
Patch from Matthias Gerstner.
** Doc fixes.
Happy hacking,
Simon
The OATH Toolkit makes it easy to build one-time password authentication
systems. It contains shared libraries, command line tools and a PAM
module. Supported technologies include the event-based HOTP algorithm
(RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for
Open AuTHentication, which is the organization that specify the
algorithms. For managing secret key files, the Portable Symmetric Key
Container (PSKC) format described in RFC6030 is supported.
The components included in the package is:
* liboath: A shared and static C library for OATH handling.
* oathtool: A command line tool for generating and validating OTPs.
* pam_oath: A PAM module for pluggable login authentication for OATH.
* libpskc: A shared and static C library for PSKC handling.
* pskctool: A command line tool for manipulating PSKC data.
The project's web page is available at:
https://www.nongnu.org/oath-toolkit/
Documentation for the command line tools oathtool and pskctool:
https://www.nongnu.org/oath-toolkit/oathtool.1.html
https://www.nongnu.org/oath-toolkit/pskctool.1.html
https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-pskctool.html
Manual for PAM module:
https://www.nongnu.org/oath-toolkit/pam_oath.html
Liboath Manual:
https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.html
Libpskc Manual
https://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html
If you need help to use the OATH Toolkit, or want to help others, you
are invited to join our oath-toolkit-help mailing list, see:
https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help
Here are the compressed sources of the entire package:
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.5.tar.gz
https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.5.tar.gz.sig
The software is cryptographically signed by the author using an OpenPGP
key identified by the following information:
pub ed25519 2019-03-20 [SC]
B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE
uid [ultimate] Simon Josefsson <simon@josefsson.org>
The key is available from:
https://josefsson.org/key-20190320.txt
I have changed key since older releases, see my transition statement:
https://blog.josefsson.org/2019/03/21/openpgp-2019-key-transition-statement/
https://blog.josefsson.org/2014/06/23/openpgp-key-transition-statement/
Here are the SHA-1 and SHA-224 checksums:
31eff0b9bcc4dd5f397b9abc0cf2ccdb99615c9e oath-toolkit-2.6.5.tar.gz
5dd716a98749ba22bfe5fa8597f8b6ee7a01dda744ec3ee462ffd3e2
oath-toolkit-2.6.5.tar.gz
General information on contributing:
https://www.nongnu.org/oath-toolkit/contrib.html
OATH Toolkit GitLab project page:
https://gitlab.com/oath-toolkit/oath-toolkit
OATH Toolkit Savannah project page:
https://savannah.nongnu.org/projects/oath-toolkit/
Code coverage charts:
https://oath-toolkit.gitlab.io/oath-toolkit/coverage/
Clang code analysis:
https://oath-toolkit.gitlab.io/oath-toolkit/clang-analyzer/
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- OATH Toolkit 2.6.5,
Simon Josefsson <=