libpam-google-authenticator 20110413.68230188bdc7-1.1 / usr / share / doc / libpam-google-authenticator / FILEFORMAT

This file is indexed.

/usr/share/doc/libpam-google-authenticator/FILEFORMAT is in libpam-google-authenticator 20110413.68230188bdc7-1.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
All configuration data and state is kept in ~/.google_authenticator
The file is all ASCII, but is kept in a very simple-to-parse and rigid
file format.

The file size is currently limited to 1kB. This should be generous even
when using a very large list of scratch codes.

The first line is the base32 encoded secret. It uses characters in the range
A..Z2..7.

The following lines are optional. They all start with a double quote character,
followed by a space character. Followed by an option name. Option names are
all upper-case and must include an underscore. This ensures that they cannot
accidentally appear anywhere else in the file.

Options can be followed by option-specific parameters.

Currently, the following options are recognized:

  DISALLOW_REUSE
    if present, this signals the a time-based token can only ever be used
    exactly once. Any attempt to log in using the same token will be denied.
    This means, that users can typically not log in faster than once every
    ~30 seconds.

    The option is followed by a space-separated list of time stamps that
    have previously been used for login attempts.

  RATE_LIMIT n m ...
    this optional parameter restricts the number of logins to at most "n"
    within each "m" second interval. Additional parameters in this line are
    undocumented; they are used internally to keep track of state.

  TOTP_AUTH
    the presence of this option indicates that the secret can be used to
    authenticate users with a time-based token.

  WINDOW_SIZE n
    the default window size is 3, allowing up to one extra valid token
    before and after the currently active one. This might be too restrictive
    if the client and the server experience significant time skew.
    You can provide a parameter to increase the login window size from 3 to "n"

Any all-numeric sequence of eight-digit numbers are randomly generated
one-time tokens. The user can enter any arbitrary one-time code
to log into his account. The code will then be removed from the file.

APT Browse - Built by Thomas Orozco.