Allow interactive usage

2016-02-06 21:38:26 +01:00 · 2016-02-06 21:38:26 +01:00 · c24a22deea
commit c24a22deea
parent 6084261943
1 changed files with 9 additions and 3 deletions
--- a/bin/ovpn_otp_user
+++ b/bin/ovpn_otp_user
@ -22,6 +22,12 @@ fi
 # Ensure the otp folder is present
 [ -d /etc/openvpn/otp ] || mkdir -p /etc/openvpn/otp

-# Bin is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
-/usr/bin/google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
-    "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+# Binary is present in image, save an $user.google_authenticator file in /etc/openvpn/otp
+if [ "$2" == "interactive" ]; then
+    # Authenticator will ask for other parameters. User can choose rate limit, token reuse policy and time window policy
+    # Always use time base OTP otherwise storage for counters must be configured somewhere in volume
+    google-authenticator --time-based --force -l "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+else
+    google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
+        -l "${1}@OpenVPN" -s /etc/openvpn/otp/${1}.google_authenticator
+fi