AW: google authenticator and commercial otp

the2nd the2nd at
Wed Sep 23 19:02:19 CEST 2015

In a few months you may use OTPme ( The current version does not support OATH tokens but the next version will. I successfully tested HOTP and TOTP tokens like the yubikey or google authenticator. Freeradius integration is done via rlm_python.

If you want to keep otpd and want to write your own freeradius module you may have a look at the otpme module. It should be a good starting point.


<div>-------- Urspr√ľngliche Nachricht --------</div><div>Von: Michael A Hawkins <mhawkins.consultant at> </div><div>Datum:09.23.2015  18:39  (GMT+01:00) </div><div>An: freeradius-users at </div><div>Betreff: google authenticator and commercial otp </div><div>
</div>Alan said, "There are a number of commercial ones which work.  The
google authenticator also works."

Commercial means I usually (almost always) can't use my own tokens
sourced from my own token supplier. I liked it that otpd allowed me to
source tokens from wherever I wanted. All I needed was a supplier with a
cost effective token and a supplier willing to supply me with the seeds
too. Commercial suppliers usually lock you into their tokens, their
servers, their solution or all of the above.

google authenticator doesn't fit in my wallet. I've always believed that
the least likely item to be lost or misplaced by a user is their own
wallet. Cell phones, not so much. A users wallet contains stuff that is
far more important than a cell phone. Cell phones get lost, stolen far
more often than wallets.

If rlm_otp is to be removed. Against which module would I rewrite otpd
so that it could continue to work with freeradius? From googling, it
looks like alot of other otpd solutions out there use a perl module to
interact with freeradius. Is that the only way? Is there a better way?

Thanks again,


List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list