/usr/share/doc/libpam-google-authenticator/FILEFORMAT is in libpam-google-authenticator 20160607-2+b1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

All configuration data and state is kept in ~/.google_authenticator.
The file is all ASCII and uses a rigid format that is very simple to
parse.

The file size is currently limited to 1kB. This should be generous even
when using a very large list of scratch codes.

The first line is the base32 encoded secret. It uses characters in the range
A..Z2..7.

The following lines are optional. They all start with a double quote character,
followed by a space character, followed by an option name. Option names are
all upper-case and must include an underscore. This ensures that they cannot
accidentally appear anywhere else in the file.

Options can be followed by option-specific parameters.

Currently, the following options are recognized:

  DISALLOW_REUSE
    if present, this signals that a time-based token can be used
    at most once. Any attempt to log in using the same token will be denied.
    This means that users can typically not log in faster than once every
    ~30 seconds.

    The option is followed by a space-separated list of time stamps that
    have previously been used for login attempts.

    This option has no effect when HOTP_COUNTER is present.

  RATE_LIMIT n m ...
    this optional parameter restricts the number of logins to at most "n"
    within each "m" second interval. Additional parameters in this line are
    undocumented; they are used internally to keep track of state.

  TOTP_AUTH
    the presence of this option indicates that the secret can be used to
    authenticate users with a time-based token.

  HOTP_COUNTER n
    the presence of this option indicates that the secret can be used to
    authenticate users with a counter-based token.  The argument "n"
    represents which counter value the token will accept next.  It should
    be initialized to 1.

  WINDOW_SIZE n
    the default window size is 3, allowing up to one extra valid token
    before and after the currently active one. This might be too restrictive
    if the client and the server experience significant time skew.
    You can provide a parameter to increase the login window size from 3 to "n".

    In counter-based mode, this option is the number of valid tokens after
    the currently active one.  The default is almost certainly too restrictive
    for most users as invalid login attempts and generated-but-not-used
    tokens both contribute to synchronization problems.


Any all-numeric, eight-digit sequence is a randomly generated
one-time token. The user can enter any of these one-time codes
to log into his account. The code will then be removed from the file.
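
The format described above, as a strict parser with a few configuration checks
that follow from the documented option semantics. This is an added example, not
part of the FILEFORMAT document or the project's code; the names parse_state and
audit, the reading of "1kB" as 1024 bytes, and the sample file contents are
assumptions constructed for illustration.

```python
import re

MAX_SIZE = 1024  # assumption: the documented "1kB" limit read as 1024 bytes
SECRET_RE = re.compile(r"[A-Z2-7]+")                        # base32 alphabet
OPTION_RE = re.compile(r'" ([A-Z_]*_[A-Z_]*)(?: (.*))?')    # quote, space, NAME, params
SCRATCH_RE = re.compile(r"[0-9]{8}")                        # eight-digit scratch code

def parse_state(text):
    """Parse the contents of a ~/.google_authenticator file; reject anything else."""
    if len(text.encode("ascii")) > MAX_SIZE:  # non-ASCII raises a ValueError subclass
        raise ValueError("file exceeds size limit")
    lines = text.splitlines()
    if not lines or not SECRET_RE.fullmatch(lines[0]):
        raise ValueError("first line is not a base32 secret")
    state = {"secret": lines[0], "options": {}, "scratch_codes": []}
    for number, line in enumerate(lines[1:], start=2):
        option = OPTION_RE.fullmatch(line)
        if option:
            state["options"][option.group(1)] = (option.group(2) or "").split()
        elif SCRATCH_RE.fullmatch(line):
            state["scratch_codes"].append(line)
        elif line:  # blank lines are tolerated, everything else is an error
            raise ValueError(f"line {number}: unrecognized content")
    return state

def audit(state):
    """Return findings derived from the option descriptions in the document."""
    opts, findings = state["options"], []
    if "HOTP_COUNTER" in opts and "DISALLOW_REUSE" in opts:
        findings.append("DISALLOW_REUSE has no effect when HOTP_COUNTER is present")
    if "TOTP_AUTH" in opts and "HOTP_COUNTER" not in opts and "DISALLOW_REUSE" not in opts:
        findings.append("time-based tokens may be reused: DISALLOW_REUSE is absent")
    if "RATE_LIMIT" not in opts:
        findings.append("login attempts are not rate limited: RATE_LIMIT is absent")
    if not state["scratch_codes"]:
        findings.append("no scratch codes remain")
    return findings

# Constructed sample file contents (not a real secret or real scratch codes).
SAMPLE = '''JBSWY3DPEHPK3PXP
" RATE_LIMIT 3 30
" WINDOW_SIZE 17
" TOTP_AUTH
12345678
87654321
'''

if __name__ == "__main__":
    print(audit(parse_state(SAMPLE)))
```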