Projects / RCDevs OpenOTP

RCDevs OpenOTP

RCDevs OpenOTP Server provides two-factor authentication with one-time passwords (OTP). It supports OATH RFC-4226 HOTP (Event-based) and TOTP (Time-based), OCRA (Challenge-based), Mobile-OTP, YubiKey Software/Hardware Tokens, SMSOTP, MailOTP, and OTP lists. It provides a SOAP/XML, RADIUS, and OpenID APIs and integrates into your LDAP (OpenLDAP, Novell, ActiveDirectory). It works with Web applications, VPNs, Linux PAM, Microsoft, and more. It is composed of the RCDevs WebADM server application, the OpenOTP SOAP service, the OpenOTP Radius Bridge, the User Self-service Desk, and Token Self-enrollemnt end-user Web application. VMWare appliances and Web demos are available.

Operating Systems

Last announcement

Easy migrate from a two-factor solution to OpenOTP 18 Apr 2011 09:59

OpenOTP includes a new OTP Type (PROXY) to enable automatic forwarding of login requests to a third-party RADIUS server. This functionality allows an organization which already uses an authentication server to smoothly switch to OpenOTP. In that case, you can set OpenOTP default OTP Type to the PROXY mode and gradually enroll OpenOTP Tokens for your users.

Recent releases

  •  11 Jun 2014 10:18

    Release Notes: This release supports hardware cryptography with YubiHSM from Yubico. HSMs are used for token seed generation, SMS/mail passwords and OCRA challenges, and token secret storage (AES-256-CBC mode). Server-side concatenated passwords are now supported for simpler integrations in non-challenged mode. The update also includes a lot of other features and some fixes.

    •  27 Sep 2013 16:26

      Release Notes: This release contains many fixes and new features. It supports expired passwords detection, SafeNet Tokens, additional APIs, OTP PIN codes, Token import via serial numbers, and more.

      •  22 Jan 2013 16:33

        Release Notes: This major release includes several important new features, including support for multiple Tokens per user, new OTP fallback methods, a new simpleLogin API, and a new RadiusBridge.

        •  02 Jan 2013 15:49

          Release Notes: This release adds support for geolocalization and IP location-based policies, adds a new XML-RPC API, improves logging, and fixes OCRA Tokens.

          •  22 Jul 2012 14:47

            Release Notes: SMSOTP and MailOTP support for sending OTPs to several numbers/addresses per-user. MailOTP subject can be customized. The user blocking management was enhanced. Blocking alerts were added. An HOTP resync problem was fixed. A PSKC export problem was fixed. New requests are optionally allowed when a session is already started after a delay of 5 seconds (the existing session is dropped the and user does not have to wait for the challenge timeout). A 'Service Name' setting was added for customizing the Google Authenticator display name. A Manager function was added for checking user blocking status.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.