PHP Classes

File: raspberry/how-to-build-a-raspberry-strong-authentication-server.txt

Recommend this page to a friend!
  Classes of André Liechti   multiOTP PHP class   raspberry/how-to-build-a-raspberry-strong-authentication-server.txt   Download  
File: raspberry/how-to-build-a-raspberry-strong-authentication-server.txt
Role: Documentation
Content type: text/plain
Description: Documentation
Class: multiOTP PHP class
Authenticate and manage OTP strong user tokens
Author: By
Last change: New release
ENH: LDAP filter can be customized using SetLdapFilter() method ({cn_identifier}, {username}, and {groups_filtering} placeholders are supported)
ENH: Full PHP 8.x support (tested with 8.2.1 and 8.1.14), with backward compatibility support (7.x, >=5.4.x)
ENH: Enhanced AD/LDAP paging support
ENH: Embedded Windows nginx edition updated to version 1.22.1
ENH: Embedded Windows PHP edition updated to version 8.2.0
ENH: PHP 8.2.x deprecated code cleaned (nullable trim, dynamic properties, PostgreSQL command without connection argument)
ENH: Enhanced sms library (MultiotpSms), new eCall API implementation, new ASPSMS API implementation
ENH: Better MySQL error handling
ENH: Better PostgreSQL error handling
New release
New release
ENH: It's now possible to define a special AD/LDAP group to attribute "Without2FA" token to specific users
ENH: Default username and password are not displayed anymore if default password has been changed
Enhanced multiOTP Credential Provider support
New release
FIX: Better special characters support in username and password
ENH: The locked accounts list now also list the temporary delayed accounts
ENH: Accounts with Without2FA tokens can now also be stored in cache
New release
ENH: Command -iswithout2fa added as a CLI option (to check if a token is needed)
ENH: Enhanced multiOTP Credential Provider
ENH: Additional CLI option -nt-key-only added
New release
FIX: Issue with /run/php when a Docker container is restarted
FIX: {MultiOtpVersion} is now correctly replaced in scratchtemplate.html
ENH: {MultiOtpDisplayName} tag (AD/LDAP DisplayName) can be used in templates
FIX: User account containing octal encoded ISO characters are now also converted to UTF
New release
FIX: Set specific flags to run Perl scripts from FreeRADIUS
FIX: User account containing special ISO characters are now also converted to UTF
ENH: New Hyper-V and OVA appliances available (version 011, based on Debian 11)
ENH: Scratchlist can be generated from the Web GUI
Date: 6 months ago
Size: 3,526 bytes


Class file image Download
How to build a Raspberry Pi RADIUS strong two factors authentication server in some easy steps ? ================================================================================================ (c) 2010-2023 SysCo systemes de communication sa Current build: (2023-01-19) Supported Raspberry Pi hardware: 1B/1B+/2B/3B/3B+/4B 0) If you want to download a multiOTP Raspberry Pi image ready to use, follow this URL: Nano-computer name: multiotp IP address: (netmask:, default gateway: Username: pi Password: raspberry You can now flash the SD Card (check point 3) and 4) if needed), put the SD Card into the Raspberry Pi and boot it. You can go directly to point 15) 1) If you want to use a battery backed up Real Time Clock, install it now in your Raspberry Pi, the drivers for these models are included in the package: 2) Download the last image of Raspbian Lite to be flashed (currently 3) Format your SD Card using the SD Card Association’s formatting tool 4) Flash the raw image using the universal Windows/macOS/Linux Etcher from Balena: or Win32DiskImager for Windows: or the dd UNIX tool This should take about 10 minutes. 5) Copy all files from multiotp/raspberry/boot-part to the root of the SD Card (it could overwrite some files like config.txt, were we have already enabled the I2C) 6) When copy is done, eject the SD Card 7) Connect the Raspberry Pi to the local network 8) Put the SD card into the Raspberry Pi and boot it 9) Login directly on your Raspberry Pi, or using SSH, with the default username "pi" and the password "raspberry" 10) Launch the initial configuration by typing sudo raspi-config 11) Choose the following options 1) Change User Password 2) Network options N1) N1 Hostname (change the hostname to your favorite name, for example "multiotp") 4) Localization Options (if needed) 7) Advanced Options A1) Expand Filesystem 12) Select Finish and answer "<Yes>" to reboot, or type "sudo reboot" 13) Login again directly (after about 30 seconds) on your Raspberry Pi, or using SSH, with the default username "pi" and your new password 14) Type "sudo /boot/" Everything is done automatically (it will take about 35 minutes) and the Raspberry Pi will reboot automatically at the end 15) The fixed IP address is set to, with a default gateway at To adapt the network configuration, edit the file /etc/network/interfaces 16) Congratulations! You have now an open source and fully OATH compliant strong two factors authentication server! Surf on http(s):// to use the basic interface (admin / 1234) 17) The default radius secret is set to myfirstpass for the subnet To adapt the freeradius configuration, edit the file /etc/freeradius/clients.conf.