Skip to content

OTPLock

Jump to bottom
Archie L. Cobbs edited this page Jan 7, 2023 · 1 revision

The mod-authn-otp distribution includes a command line utility called otplock which allows you to safely edit the users authentication file while the server is running. The man page is reproduced here:

OTPLOCK(1)                  BSD General Commands Manual                  OTPLOCK(1)

NAME
     otplock -- Apache mod_authn_otp one-time users file locker

SYNOPSIS
     otplock usersfile [command ...]

     otplock -e usersfile

     otplock -h

DESCRIPTION
     otplock is a utility for safely accessing the mod_authn_otp users file while
     the Apache server is running.

     Because the users file is dynamically read and updated during normal server
     operation, it's not safe to simultaneously view or edit the file in a separate
     process without locking it first.

     This utility implements the same locking protocol as the mod_authn_otp module.
     It holds the exclusive lock while the given command executes.  This means that
     long as command executes, all server requests that require mod_authn_otp for
     authentication will be temporarily suspended, so command execution should be
     as brief as possible.

     If no command is given, otplock simply waits until a lock can be obtained and
     then exits.

OPTIONS
     -e      Invoke $EDITOR with the given usersfile.

             If no $EDITOR environment variable is defined, vim(1) is used.

     -h      Print the usage message and exit successfully.

RETURN VALUE
     otplock exits with one of the following return values:

     0    The users file was successfully locked, and either no command was given,
          or the command exited normally.

     N    The given command executed but exited with non-zero exit value N.

     85   otplock was invoked with invalid command line flags or parameters.

     86   A system error occurred while either locking the file or launching
          command.

     87   The given command executed but terminated by catching a signal.

SEE ALSO
     mod_authn_otp: Apache module for one-time password authentication,
     https://github.com/archiecobbs/mod-authn-otp.

AUTHOR
     Archie L. Cobbs <[email protected]>

BSD                               January 7, 2023                               BSD
Clone this wiki locally