OpenOTP


Yogesh Srivastava

Oct 12, 2012, 10:14:30 AM
to RCDevs Security Solutions - Technical
Hi

I want to know about OpenOTP for one of our projects which may require
2 factor authentication. Having searched on the internet I found OpenOTP
as a good candidate. But I have the questions below:

1. Does OpenOTP provide Soft token or hardware tokens?

2. If we want to provide a seed generated by the OpenOTP server to our
partners who have a token generation server (TOTP or HOTP) using a
different Auth tool, will OpenOTP be able to validate the one-time
password generated using the seed we provided?

3. What are the costs involved (including test/dev/2 production sites)
100 users + any support costs – over 5 years!

4. Can we have User/Password/Seeds stored in the Oracle DB as opposed
to LDAP?

5. We want to run it on Sun Solaris – any issues?

Thanks
Yogesh

Administrators

Oct 12, 2012, 11:52:39 AM
to RCDevs Security Solutions - Technical
1. OpenOTP works with both software and hardware Tokens. Any OATH
Token (soft/hard) is supported including time-based Tokens (TOTP),
event-based Tokens (HOTP) and challenge-based Tokens (OCRA).
Additionally mOTP soft Tokens, Yubikeys hard Token and out-of-band OTP
(SMS / Email) are supported too.

2. In OpenOTP Token registration, you can provide a pre-generated seed
or let OpenOTP generate a random seed. Hardware Tokens have hard-coded
seeds.
If your partner provides you the seeds, then you can register the
Tokens on your directory users using these seeds and that will work.
Note: Event-based tokens are problematic if used on several validation
servers because the servers have to keep the counter in sync. Better
use TOTP tokens in this case.

3. Please contact the RCDEVS sales at sa...@rcdevs.com for commercial
and licensing questions. OpenOTP can be purchased via subscription or
permanent licenses.

4. WebADM/OpenOTP uses LDAP as backend. It uses LDAP users and OpenOTP
stores user data including Token registration data directly in the
users for a maximum of consistency. There is also no replication of
users in a secondary DB. But OpenOTP needs LDAP users, for example
OpenLDAP, ActiveDirectory, Apple Directory, Novell...

5. The software runs on Linux (any version and distribution is
supported). The installation packages are compiled for Linux only.
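
Added example, not part of the thread and not RCDevs code: a minimal RFC 4226 / RFC 6238 sketch of the note in answer 2, showing two validation sites that share a seed but keep separate HOTP counters, next to the same two sites validating TOTP. The class names, the look-ahead window of 3 and the one-step drift tolerance are assumptions chosen for illustration.

```python
import hashlib, hmac, struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(time / step)."""
    return hotp(seed, unix_time // step, digits)

class HotpValidator:
    """Event-based validator (hypothetical); the counter is local state."""
    def __init__(self, seed, window=3):
        self.seed, self.counter, self.window = seed, 0, window
    def verify(self, otp):
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.seed, c), otp):
                self.counter = c + 1  # consumed here only; other sites never learn
                return True
        return False

class TotpValidator:
    """Time-based validator (hypothetical); the clock replaces the counter."""
    def __init__(self, seed, drift_steps=1, step=30):
        self.seed, self.drift, self.step = seed, drift_steps, step
    def verify(self, otp, now):
        return any(
            hmac.compare_digest(totp(self.seed, now + d * self.step, self.step), otp)
            for d in range(-self.drift, self.drift + 1))

def demo():
    seed = b"12345678901234567890"  # RFC 4226 test seed, not a real secret
    site_a, site_b = HotpValidator(seed), HotpValidator(seed)
    codes = [hotp(seed, c) for c in range(6)]  # token button presses 0..5
    out = {"a_accepts_0": site_a.verify(codes[0]),
           "a_rejects_replay": not site_a.verify(codes[0]),
           "b_accepts_replay": site_b.verify(codes[0])}  # B never saw the use at A
    for otp in codes[1:5]:  # presses 1..4 are all spent at site A
        site_a.verify(otp)
    out["b_rejects_press_5"] = not site_b.verify(codes[5])  # beyond B's window
    t = 1350000000  # constructed timestamp
    ta, tb = TotpValidator(seed), TotpValidator(seed)
    out["totp_both_accept"] = ta.verify(totp(seed, t), t) and tb.verify(totp(seed, t), t + 20)
    return out

if __name__ == "__main__":
    print(demo())
```

The TOTP validator here keeps no record of the last accepted time step, so it only illustrates that no counter has to be shared between sites.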

Yogesh Srivastava

Oct 19, 2012, 10:15:20 AM
to rcdevs-t...@googlegroups.com
Hi

Thanks for your reply. Much appreciated!

Is it supported on Solaris, as you mentioned the Linux platform? Are OpenOTP modules like WebADM, Authentication server, etc. .war files deployed on Tomcat/WebLogic?

Thanks
Yogesh

Administrators

Oct 19, 2012, 10:32:53 AM
to RCDevs Security Solutions - Technical
No. They are compiled products for Linux32 (glibc>=2.2).
It runs on any Linux32 distribution (RedHat, CentOS, SuSe, Debian,
Ubuntu...) and on the 64bit variants as long as you have the 32bit
present (libc6-i686, ia32-libs).

So to respond: it's not Java-based and does not run under Tomcat.
The software only requires Linux OS. There is no other system
dependency (such as required packages).
