OTP Configuration
Configure global one-time password authentication settings. OTP configuration defines TOTP and HOTP parameters including algorithm selection (SHA1, SHA256, SHA512), token time step intervals, and authentication window sizes. Features include configuration modification for organization-wide OTP standards and integration with user OTP tokens for two-factor authentication enforcement.
Manage the default values that IPA uses for OTP tokens.
EXAMPLES
Show basic OTP configuration:
  ipa otpconfig-show
Show all OTP configuration options:
  ipa otpconfig-show --all
Change maximum TOTP authentication window to 10 minutes:
  ipa otpconfig-mod --totp-auth-window=600
Change maximum TOTP synchronization window to 12 hours:
  ipa otpconfig-mod --totp-sync-window=43200
Change maximum HOTP authentication window to 5:
  ipa otpconfig-mod --hotp-auth-window=5
Change maximum HOTP synchronization window to 50:
  ipa otpconfig-mod --hotp-sync-window=50
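What the window options above trade off, as an added example (not FreeIPA's own code): a standalone RFC 4226/6238 verifier showing how a TOTP time-variance window and an HOTP skip-ahead window decide which codes are accepted. Assumptions: 30-second time step, 6 digits, SHA-1, variance applied on both sides of the current time, skip-ahead covering the server counter plus the window; the key is the RFC 4226 test key and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

KEY = b"12345678901234567890"  # RFC 4226 test key (constructed input, not a real secret)

def hotp(key, counter, digits=6, algo="sha1"):
    """RFC 4226 HOTP value for one counter, as a zero-padded string."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp_check(key, code, now, auth_window, step=30):
    """Return the matching time-step offset, or None if the code is rejected.
    Assumption: auth_window seconds of variance are allowed on both sides of now."""
    current, span = int(now) // step, auth_window // step
    for delta in sorted(range(-span, span + 1), key=abs):  # nearest steps first
        counter = current + delta
        if counter >= 0 and hmac.compare_digest(hotp(key, counter), code):
            return delta
    return None

def hotp_check(key, code, server_counter, auth_window):
    """Return the next server counter on success, or None.
    Assumption: skip-ahead accepts server_counter .. server_counter + auth_window."""
    for ahead in range(auth_window + 1):
        if hmac.compare_digest(hotp(key, server_counter + ahead), code):
            return server_counter + ahead + 1  # advancing past the match blocks replay
    return None

def totp_codes_accepted(window, step=30):
    """Number of distinct time steps whose code is valid at any one moment."""
    return 2 * (window // step) + 1

if __name__ == "__main__":
    stale = hotp(KEY, 1)  # code from the 30..59 s time step
    print("90 s old code, window 90:", totp_check(KEY, stale, now=120, auth_window=90))
    print("90 s old code, window 60:", totp_check(KEY, stale, now=120, auth_window=60))
    print("codes valid at once with --totp-auth-window=600:", totp_codes_accepted(600))
    nxt = hotp_check(KEY, hotp(KEY, 5), server_counter=0, auth_window=5)
    print("HOTP token 5 presses ahead, window 5 -> next counter:", nxt)
    print("same code replayed:", hotp_check(KEY, hotp(KEY, 5), nxt, auth_window=3))
```

Under these assumptions the 10-minute authentication window from the examples keeps 41 six-digit codes valid at any moment, so window size is a direct trade between tolerance for clock drift and the chance that a stale or guessed code is accepted.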
Commands
Command         Description
otpconfig-mod   Modify OTP configuration options.
otpconfig-show  Show the current OTP configuration.
otpconfig-mod
Usage: ipa [global-options] otpconfig-mod [options]
Modify OTP configuration options.
Options
Option                               Description
--totp-auth-window TOTP-AUTH-WINDOW  TOTP authentication time variance (seconds)
--totp-sync-window TOTP-SYNC-WINDOW  TOTP synchronization time variance (seconds)
--hotp-auth-window HOTP-AUTH-WINDOW  HOTP authentication skip-ahead
--hotp-sync-window HOTP-SYNC-WINDOW  HOTP synchronization skip-ahead
--setattr SETATTR                    Set an attribute to a name/value pair. Format is attr=value.
--addattr ADDATTR                    Add an attribute/value pair. Format is attr=value. The attribute
--delattr DELATTR                    Delete an attribute/value pair. The option will be evaluated
--rights                             Display the access rights of this entry (requires --all). See ipa man page for details.
--all                                Retrieve and print all attributes from the server. Affects command output.
--raw                                Print entries as stored on the server. Only affects output format.
otpconfig-show
Usage: ipa [global-options] otpconfig-show [options]
Show the current OTP configuration.
Options
Option    Description
--rights  Display the access rights of this entry (requires --all). See ipa man page for details.
--all     Retrieve and print all attributes from the server. Affects command output.