Expand description
OTP-mode hardware token authentication.
This module covers hardware tokens that authenticate via a one-time password (OTP) delivered as a plain string — currently YubiKey OTP validated against the Yubico cloud API.
It also accepts smart_card and piv_card token types in its dispatch table, but
those return a configuration error explaining that PC/SC-based PKI authentication
cannot be reduced to a string exchange and must go through mTLS instead.
§What does NOT belong here
FIDO2 / WebAuthn is intentionally absent. WebAuthn is a two-phase protocol
(challenge generation → signed assertion) that requires credential storage and
cryptographic signature verification. Use
PasskeyAuthMethod for that.
Structs§
- Hardware
OtpToken - OTP-mode hardware token authenticator.
- Hardware
OtpToken Config - Configuration for
HardwareOtpTokenvalidation.