Hello. I'm thinking of developing a "poor man's" one-time password (OTP) module. I call it a poor man's OTP since it will not require the purchase of a hardware key fob for generating passwords, and the one-time passwords will be emailed to a mobile phone using a secure SMTP server rather than an SMS gateway, which usually incurs a fee.
The idea for this module came about because some admin users for another Drupal application I developed are using very weak passwords to access the system. With this OTP module, the user will be required to enter both their regular password and a one-time password. I suppose I could implement an existing module to force more complex passwords but then the user will just write it down on a sticky note and paste it to their monitor which doesn't make the system any more secure.
Not all users will need to have OTP since they don't access sensitive information. Therefore, the module will provide the option to set OTP per user role or site-wide.
A search on the Drupal modules page revealed a couple of projects linked to commercial OTP but I didn't find anything similar to what I'm proposing. Do any of you know of something similar in existence? I certainly don't want to re-invent the wheel if I don't have to. Thanks.
Comments
Can I help?
I need this functionality for one of my clients too. I think it's a good idea and want such a module. I didn't research the issue too much but I believe it shouldn't be too complicated.
I'm kind of rusty with my Drupal skills but I am programming C# for a living most of the time on Microsoft CRM.
What do we need to get started?
Thanks for your offer of
Thanks for your offer of help. I'm almost finished writing the module but I could use some assistance in reviewing the code and testing it out.
I started out using just SMTP to send the OTP but decided to include an option to also use Clickatell (www.clickatell.com) for sending via SMS once I realized it's not that difficult nor expensive to send SMS with Clickatell.
I'm going to apply for a CVS account in the next few days and set up a project page once approved (hopefully). I'll post back here once everything is set up.
OK, great! I will be happy to
OK, great!
I will be happy to review the code and perhaps extend to another service provider.
Waiting for you to post the code.
OTP CVS Application
Hi ami. I applied for a CVS account for my OTP module. It's still in the review process but you can download the archive (http://drupal.org/node/858062) and try it out.
Error message in log - it's not sending sms
Hi jchin,
The module looks promising!
I installed the module and set up an account at clickatell.
When I try to test the module by logging in as a user that needs the OTP I get a message that the system is not able to send the SMS at the moment. I then logged in as the admin and saw a message in the log: SMS error when sending One-Time Password to client1. Error message: error setting certificate verify locations: CAfile: .../sites/all/modules/otp/cacert.pem CApath: /etc/ssl/certs
I really don't know what to do next... please help!
Thanks,
Ami
Hi ami. Did you download the
Hi ami. Did you download the cacert.pem file from http://curl.haxx.se/docs/caextract.html and place it in the main OTP module directory?
I set the CURLOPT_SSL_VERIFYPEER to FALSE.
I know it's not the right solution to the problem, but it solved the symptom.
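An added example, not part of the thread and not the OTP module's own code: libcurl reports "error setting certificate verify locations" when it cannot load the CA bundle at the configured path, so this PHP sketch checks the bundle first and keeps peer verification enabled. The function name, the gateway URL and the bundle location are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the OTP module.

/**
 * Return a cURL handle that verifies the peer against a CA bundle,
 * or throw if the bundle cannot be used.
 */
function otp_example_secure_curl(string $url, string $ca_file)
{
    // libcurl fails with "error setting certificate verify locations" when
    // it cannot open the CAfile, so test the same preconditions up front.
    if (!is_file($ca_file) || !is_readable($ca_file)) {
        throw new RuntimeException("CA bundle missing or unreadable: $ca_file");
    }
    $pem = (string) file_get_contents($ca_file);
    if (strpos($pem, '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException("No PEM certificates found in: $ca_file");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,     // keep certificate chain verification on
        CURLOPT_SSL_VERIFYHOST => 2,        // certificate name must match the host
        CURLOPT_CAINFO         => $ca_file, // absolute path to the CA bundle
        CURLOPT_TIMEOUT        => 15,
    ]);
    return $ch;
}

// Usage with placeholder values: the URL is not a real gateway endpoint and
// the bundle is assumed to sit next to this file.
$ca = __DIR__ . '/cacert.pem';
try {
    $ch = otp_example_secure_curl('https://sms-gateway.example/send', $ca);
    $body = curl_exec($ch);
    if ($body === false) {
        // Log the TLS error rather than retrying with verification disabled.
        error_log('OTP send failed: ' . curl_error($ch));
    }
    curl_close($ch);
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```

With verification left on, a missing or unreadable bundle shows up as a clear log entry at setup time, and the one-time password is only ever sent over a connection whose server certificate has been checked.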
What is static and OTP when I am requesting an OTP with the OTP module
Hi friends, can anybody please help me get a one-time password in Drupal?
I have installed the OTP module in my project, so when I log in through the OTP login, I get the "enter static and OTP" text fields without getting any mail, so please, if anyone knows this problem, please mail me:
ravi.t@vimukti.com