1.15. Tools

LinOTP comes with some tools to ease system maintenance.

1.15.1. linotp

Commands:

admin         Administrative commands to manage the linotp application...
audit         Manage audit options
backup        Manage database-specific backups
config        Show LinOTP configuration
dbsnapshot    Manage system-independent database 'snapshots'
init          Manage initialization of LinOTP
ldap-test     Test LDAP user-ID resolver connection.
local-admins  Manage local administrator accounts
routes        Show the routes for the app.
run           Runs a development server.
shell         Runs a shell in the app context.
support       Administrative commands to set and query the linotp support.

Use the built-in help of the tool (--help) to get details about the syntax.

linotp local-admins

The local-admins command manages the administrators for /manage, which are created in the internal UserIdResolver LinOTP_local_admins. Alternatively, they can be created and edited in the GUI of SVA (:8443).

linotp local-admins --help
linotp local-admins list --help

#output:
List local administrator accounts

Options:
 -f, --format TEXT  Output format template
 -l, --long         Detailed output
 --help             Show this message and exit.

Example: create a new local admin for /manage and set its password:

linotp local-admins add localadmin
linotp local-admins password --password geheim123 localadmin

linotp audit

The audit cleanup command deletes old entries in the SQL audit log table. It takes a high and a low watermark. If the number of entries exceeds the high watermark, old entries are deleted, so that only the <low watermark> newest entries remain.

By default, this tool is run by cron once a day (/etc/cron.daily).

You can specify the watermarks on the command line (--high, --low), or as entries in linotp.ini (linotpAudit.sql.highwatermark, linotpAudit.sql.lowwatermark). The defaults are high=10000 and low=5000.

linotp audit --help

Example

linotp audit cleanup
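The watermark rule described above, run against an in-memory SQLite table. This is an added example, not LinOTP's own code: the audit table, its columns, the sample action string and the function names are assumptions made for illustration.

```python
import sqlite3

HIGH, LOW = 10000, 5000  # defaults stated in the text above


def make_db(n):
    """Build a constructed audit table with n rows; ids grow with age order."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, action TEXT)")
    conn.executemany(
        "INSERT INTO audit (action) VALUES (?)",
        (("validate/check",) for _ in range(n)),  # constructed sample rows
    )
    return conn


def cleanup(conn, high=HIGH, low=LOW):
    """Apply the watermark rule; return the number of rows deleted."""
    if not 0 < low <= high:
        raise ValueError("need 0 < low <= high")
    (total,) = conn.execute("SELECT COUNT(*) FROM audit").fetchone()
    if total <= high:
        return 0  # high watermark not exceeded: nothing is removed
    # id of the oldest row that survives, i.e. the low-th newest entry
    (cutoff,) = conn.execute(
        "SELECT id FROM audit ORDER BY id DESC LIMIT 1 OFFSET ?", (low - 1,)
    ).fetchone()
    cur = conn.execute("DELETE FROM audit WHERE id < ?", (cutoff,))
    conn.commit()
    return cur.rowcount


def summary(conn):
    """Return (oldest id, newest id, row count) of what is left."""
    return conn.execute("SELECT MIN(id), MAX(id), COUNT(*) FROM audit").fetchone()


if __name__ == "__main__":
    for n in (10000, 10001):
        db = make_db(n)
        print(n, "rows -> deleted", cleanup(db), "remaining", summary(db))
```

One row over the high watermark removes 5001 entries at once, so audit records that must be retained longer have to be exported before the daily run.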

1.15.2. linotp-tokens-used

This is a munin [1] plugin that monitors the total number of managed tokens, the number of unassigned tokens and the number of inactive tokens.

The output can also be dumped to any other file.

The output can be used to set up a dynamic pay-per-use licensing model.

1.15.3. linotp-backup

This shell script backs up the database and the encryption key to a PGP-encrypted backup file.

1.15.4. linotp-restore

This shell script restores a previously backed up database and encryption key.

1.15.5. linotp-convert-token

This script converts a Safeword dat seed file to an Aladdin/SafeNet XML file.

1.15.6. linotp-convert-xml-to-csv

This script converts an Aladdin XML file to an OATH CSV file.

1.15.7. linotp-decrypt-otpkey

This script can be used for debugging purposes. It helps to decrypt an OTP seed from the token database.

1.15.8. LinotpLDAPProxy.pm

This is a Perl module to be used with an OpenLDAP server to set up an LDAP proxy that performs LDAP binds (authentication) with OTP values.