amAuthOATH.properties revision a4544a5a0e622ef69e38641f87ab1b5685e05911
10139N/A# Distribution License (the License). You may not use this file except in compliance with the
10139N/A# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
10139N/A# When distributing Covered Software, include this CDDL Header Notice in each file and include
10139N/A# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
10139N/Aa500.help.txt=Each authentication module has an authentication level that can be used to indicate the level of security \
10139N/Aa504.help.txt= HOTP uses a counter value that is incremented every time a new OTP is generated. TOTP generates a new OTP every few seconds as specified by the time step interval.
10139N/Aa505.help.txt=This sets the window that the OTP device and the server counter can be out of sync. For example, if the window size is 100 and the servers last successful login was at counter value 2, then the server will accept a OTP from the OTP device that is from device counter 3 to 102.
10139N/Aa506.help=The name of the attribute in the user profile to store the user counter. This is required if HOTP is chosen as the OATH algorithm.
10139N/Aa507.help.txt=This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.
10139N/Aa508.help.txt=This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses a offset.
10139N/Aa509.help.txt=This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.
10139N/Aa510.help.txt=This is the number of time step intervals to check the received OTP against both forward in time and back in time. For example, with 2 time steps and a time step interval of 30 seconds the server will allow a clock drift between client and server of 89 seconds. (2-30 second steps and 29 seconds for the interval that the OTP arrived in)
10139N/Aa511.help=Attribute to store the time of the users last login. This is required if TOTP is chosen as the OATH algorithm.
10139N/Aa511.help.txt=This attribute stores the last time a user logged in to prevent time based attacks. The value is stored as a number (Unix Time).
10139N/Aa512.help.txt=The class that is used to process the user profile attribute used to store the user secret key.
10139N/Aa513.help=The name of the attribute in the user profile to store the clock drift. If left empty then clock drift checking is disabled.
10139N/Aa513.help.txt=The name of the attribute used to store the last observed clock drift which is used to indicated when a manual resynchronisation is required.
10139N/Aa514.help=Number of time steps a client is allowed to get out of sync with the server before manual resynchronisation is required. This should be greater than the TOTP Time Steps value.
10139N/Aa514.help.txt=Number of time steps a client is allowed to get out of sync with the server before manual resynchronisation is required. As this checks the time drift over multiple requests it needs to be greater than the value specified in TOTP Time Steps.