LinOTP 2 modular architecture


There is a schematic of the overall architecture of LinOTP 2. As it is rather screen-filling, you should open it in a separate window.

Unlike in LinOTP 1, all communication is dispatched by a central LinOTPd service. LinOTPd has an interface to each component involved. At the moment there are four interfaces:

  • Authentication
  • Management
  • Tokenstore
  • Userstore

Each component is connected to LinOTPd via one and only one interface. No component communicates with another component; all components communicate only with LinOTPd.

Userstore

LinOTPd only reads information from your user store. It does not need write access to your user database and never modifies it. Different UserIdResolvers can be plugged into LinOTPd, so the logic for retrieving user information from a particular user store is encapsulated within that UserIdResolver.

At the moment LinOTPd provides UserIdResolvers for OpenLDAP, Active Directory, /etc/passwd (flat files) and SQL databases.

Because LinOTPd talks to the UserIdResolver through a well-defined API, new UserIdResolvers are easy to implement, which makes new user stores available to LinOTP 2.

Tokenstore

Within the token store LinOTPd stores all information for an authentication token. LinOTPd is able to use different SQL backends for storing the token information. It is well tested with Postgres, MySQL and SQLite.

Because the user store and the token store are separate, several OTP tokens can be assigned to a single user, and OTP tokens can be imported or enrolled before they are assigned to any user.
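The separation described in the Userstore and Tokenstore sections, as an added illustration that is not LinOTP's own code: a read-only resolver over constructed /etc/passwd-style records, and a token store that refers to users only by the resolved user id, so a token may have several siblings under one user or no owner at all. Class and method names (PasswdResolver, TokenStore, user_tokens) are hypothetical, not LinOTP's API.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of /etc/passwd-format records (not a real system file).
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
    "bob:x:1001:1001:Bob:/home/bob:/bin/sh",
]

class PasswdResolver:
    """Read-only user lookup: exposes a resolve() method and no write path."""
    def __init__(self, lines):
        self._by_login = {}
        for line in lines:
            fields = line.split(":")
            if len(fields) < 7:
                continue                     # skip malformed records
            self._by_login[fields[0]] = fields[2]   # login -> numeric uid

    def resolve(self, login: str) -> Optional[str]:
        return self._by_login.get(login)

@dataclass
class TokenStore:
    """Tokens live apart from the user store; owner is None while unassigned."""
    tokens: dict = field(default_factory=dict)      # serial -> owner user id

    def enroll(self, serial: str, owner: Optional[str] = None) -> None:
        self.tokens[serial] = owner

    def assign(self, serial: str, owner: str) -> None:
        self.tokens[serial] = owner

    def tokens_for(self, owner: str) -> list:
        return sorted(s for s, o in self.tokens.items() if o == owner)

    def unassigned(self) -> list:
        return sorted(s for s, o in self.tokens.items() if o is None)

def user_tokens(resolver: PasswdResolver, store: TokenStore, login: str) -> list:
    """The LinOTPd-side step: resolve the login first, then query the token store."""
    uid = resolver.resolve(login)
    return [] if uid is None else store.tokens_for(uid)
```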

Management

LinOTPd provides a lean API for management clients to administer LinOTP 2. A management client does not need to access the user store or the token store directly; it always and only communicates with LinOTPd.

At the moment a command line client and a GTK based GUI client are available, both on Windows and Linux.

Using this lean management API, it is easy to implement new management clients tailored to your own needs.

Authentication

LinOTPd provides an even leaner API for authenticating users. LinOTP 2 comes with authentication modules for FreeRADIUS 2 and PAM. Implementing further authentication modules, for example for apache2 or for web applications, should be straightforward.


Together, these lean APIs make LinOTP 2 open to any integration, new development and simple adaptation.
