OTP 2nd-Factor authentication service

Contents

• OTP 2nd-Factor authentication service

  • Setup

  • EAPI methods

    • otp.check

    • otp.destroy

Provides OTP 2FA, see Two-factor OTP authentication for more details.

Setup

Use the template EVA_DIR/share/svc-tpl/svc-tpl-aaa-otp.yml:

# OTP auth service
command: svc/eva-aaa-otp
bus:
  path: var/bus.ipc
config:
  # user accounts to exclude OTP checking
  exclude: []
user: nobody

Create the service using eva-shell:

eva svc create eva.aaa.otp /opt/eva4/share/svc-tpl/svc-tpl-aaa-otp.yml

or using the bus CLI client:

cd /opt/eva4
cat DEPLOY.yml | ./bin/yml2mp | \
    ./sbin/bus ./var/bus.ipc rpc call eva.core svc.deploy -

(see eva.core::svc.deploy for more info)

EAPI methods

See EAPI commons for the common information about the bus, types, errors and RPC calls.

otp.check

Description	Checks OTP password for the given account
Parameters	required
Returns	If OTP is required, returns “OTP|svc|REQ” in the error message, for new OTP setup returns “OTP|svc|SETUP=SECRET”

Parameters

Name	Type	Description	Required
login	String	Account login	yes
otp	String/null	One-time password	yes

otp.destroy

Description	Destroys OTP for the account
Parameters	required
Returns	nothing

Parameters

Name	Type	Description	Required
i	String	Account login	yes