From: Jorge Pereira <jpereira@freeradius.org>
Date: Thu, 14 Sep 2023 01:03:18 +0000 (-0300)
Subject: totp: Update raddb/mods-available/totp
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=534d165e71ec87a526e0e0f33a441666e5fd100a;p=thirdparty%2Ffreeradius-server.git

totp: Update raddb/mods-available/totp

* Update mods-available/totp to new asciidoc markup
* Fix the attributes
---

diff --git a/raddb/mods-available/totp b/raddb/mods-available/totp
index 43d2f57afa4..87acd56aebe 100644
--- a/raddb/mods-available/totp
+++ b/raddb/mods-available/totp
@@ -2,35 +2,38 @@
 #
 #  $Id$
 
+########################################################################
 #
-#  Time-based One-Time Passwords (TOTP)
+#  = Time-based One-Time Passwords (TOTP)
 #
-#  Defined in RFC 6238, and used in Google Authenticator.
+#  Defined in `rfc6238`, and used in Google Authenticator.
 #
 #  This module can only be used in the "authenticate" section.
 #
 #  The Base32-encoded secret should be placed into:
 #
-#	&control:TOTP-Secret
+#	`&control.TOTP.Secret`
 #
 #  Any "bare" key should be placed into:
 #
-#	&control:TOTP-Key
+#	`&control.TOTP.Key`
 #
-#  If TOTP-Key exists, then it will be used instead of TOTP-Secret.
+#  If `TOTP.Key` exists, then it will be used instead of `TOTP.Secret`.
 #
 #  The TOTP password entered by the user should be placed into:
 #
-#	&request:TOTP-Password
+#	`&request.TOTP.From-User`
 #
-#  The module will return "ok" if the passwords match, and "fail"
+#  The module will return `ok` if the passwords match, and `fail`
 #  if the passwords do not match.
 #
-#  Note that this module will NOT interact with Google.  The module is
+#  NOTE: The crypto algorithms are HmacSHA1, HmacSHA256 and HmacSHA512.
+#
+#  NOTE: This module will *NOT* interact with Google. The module is
 #  intended to be used where the local administrator knows the TOTP
 #  secret key, and user has an authenticator app on their phone.
 #
-#  Note also that while you can use the Google "chart" APIs to
+#  NOTE: Also that while you can use the Google "chart" APIs to
 #  generate a QR code, doing this will give the secret to Google!
 #
 #  Administrators should instead install a tool such as "qrcode"
@@ -38,32 +41,35 @@
 #	https://linux.die.net/man/1/qrencode
 #
 #  and then run that locally to get an image.
-#  
 #
-#  The module takes no configuration items.
+
+#
+#  ## Configuration Settings
+#
+#  totp { ... }::
 #
 totp {
 	#
-	#  Default time step between time changes
+	#  time_step:: Default time step between time changes.
 	#
 	time_step = 30
 
 	#
-	#  Length of the one-time password.
+	#  otp_length:: Length of the one-time password.
 	#
 	#  Must be 6 or 8
 	#
-	otp_length = 8
+	otp_length = 6
 
 	#
-	#  How many steps backward in time we look for a matching OTP
+	#  lookback_steps:: How many steps backward in time we look for a matching OTP.
 	#
 	lookback_steps = 1
 
 	#
-	#  Time delta between steps.
+	#  lookback_interval:: Time delta between steps.
 	#
-	#  Cannot be larger than time_step
+	#  Cannot be larger than `time_step`
 	#
 	lookback_interval = 30
 }