Release Notes: This release fixes a usersfile bug which caused it to update the wrong line, and fixes a security vulnerability (CVE-2013-7322).
Release Notes: This release adds new liboath API methods for validating TOTP OTPs. The new methods (oath_totp_validate3 and oath_totp_validate3_callback) introduce a new parameter *otp_counter, which is set to the actual counter used to calculate the OTP (unless it is a NULL pointer).
Release Notes: This release adds functions for creating PSKC data to libpskc. In liboath, it permits different passwords for different tokens for the same user. It improves building from git with the most recent automake and gengetopt. Valgrind is not enabled by default. The liboath header file is usable from C++ (extern "C" guard).
Release Notes: Base32 decoding of keys is now more liberal in what it accepts. If the password in usersfile is "+", it ignores the supplied password. This release fixes the expiry date of some certificates used in the test suite.
Release Notes: Signing and verifying PSKC data using XML Digital Signatures and X.509 certificates are now supported by the library and commandline tool. Validation of PSKC data according to the XML Schema is now complete (previously, the XMLDsig+XMLEncryption parts did not work). The --check parameter to pskctool has been renamed to --info.
Release Notes: This release supports the Portable Symmetric Key Container (PSKC) data format specified in RFC 6030 for dealing with key provisioning. There is a new low-level library libpskc for managing PSKC data for application developers and a new commandline tool pskctool for interacting with PSKC data for users.
Release Notes: The liboauth usersfile is now fflush'ed and fsync'ed. A memory leak was fixed. The oathtool --counter parameter now works on 32-bit platforms.
Release Notes: The oathtool --counter parameter now supports larger values.
Release Notes: Usersfile code now handles multiple lines for a single user, to support when a single user carries multiple tokens (with different OATH secrets) and any of them should be permitted.
Release Notes: The PAM_OATH "try_first_pass" feature should now work.