LinOTP

A size limit was implemented for LDAP-Resolver, making it even easier to handle LDAP trees with several thousand users.
There was an administrative rollout of Google Authenticator (event, time). A back_perl module was included for setting up an OTP capable LDAP proxy. Unassign, delete, enable, and imprint were added to selfservice. It is now possible to completely customize the look and feel. Support for VASCO Digipass GO tokens was added. The name of the Google Authenticator can be configured. Mass rollout of YubiKeys is now supported. A tool was provided to determine the serial number of an unknown token by giving the OTP value (HOTP, TOTP, and VASCO). Session protection was implemented in the Web API.

This release adds a new audit framework to track administrative tasks and authentication events. The audit framework supports PCI DSS requirements, is OATH-certified for HOTP and TOTP tokens, and connects to simpleSAMLphp and OpenID. The new token types TOTP, Remote Token, RADIUS Token, Tagespasswort, and Yubikey have been added. A Remote Token can forward authentication requests to another LinOTP server to set up complex, distributed authentication scenarios with, for example, branch offices. A RADIUS Token forwards the authentication request to a RADIUS server for smooth migrations. It supports Yubikey in HOTP mode.

This release adds a framework for configuring complex policies to define behavior in the administration, rollout, and self-service. You may define policies for setting the OTP PIN during enrollment or to restrict the rights of certain administrators in certain realms. Tokens can be assigned to specific realms so that the administration within one realm can be even more encapsulated.
Improved logging for generating audit information.
Simple rollout of smartphone tokens using QR codes.
Autoresync of HOTP tokens. Better support for redundant RADIUS setup.

The new core features are a Web UI for managing tokens and the new token type SMS OTP. OTP values can be sent via SMS either by using an HTTP SMS gateway or a mobile phone attached to the LinOTP server. The tokenclass was optimized, so that it is now even easier to add new token types to LinOTP. The self service portal was improved. The checkPass function was added to useridresolvers, so that authentication to the selfservice portal can be made transparent with existing user store passwords. The possibility to configure PrependPIN, ResetFailCounter, and IncFailCount was added.

Multi-client capability: by supporting multiple SQL, LDAP, and flat file instances and grouping those UserIdResolvers to realms, flexible authentication scenarios are now possible). A Self Service portal. A new token type: Simple Pass. Enrolling eToken NG OTP now allows setting a manual or a random password. The management client now writes log files. API documentation has been added. There are packages Fedora 13 and Ubuntu 9.10 and 10.04 LTS, and an install CD for the LinOTP server. There is an all-in-one Windows installer for the management client.