Package: x2goclient
Version: 4.0.5.2
Tags: patch


Hello,

There is very nice OTP (One Time Password) algorithm called "Mobile-OTP"
(MOTP).  Here is a link for more information:

  http://motp.sourceforge.net/

This small patch extends x2goclient's OTP support to accommodate MOTP.

The patch adds a new string ("passcode:") to challenge_auth_code_prompts_[].
It also adds some comments that indicates the source of the various prompt
strings in that array.

MOTP is a very nice algorithm that is worthy of support for several reasons.

It is "free" and "open" and does not rely on a third party infrastructure to
operate.

It is a Time-based One Time Password (TOTP) algorithm (like OATH can be), with
a distinguishing advantage; it does 2FA ("2 Factor Authentication") innately.
That is because it requires a 4 digit PIN to be entered every time it is used.
The PIN is not stored in the "token" (i.e. smartphone), so a stolen phone
does an attacker no good...

It is well established and popular.  There are many versions of the "token"
available (much more than just IOS and Android apps).  It is supported by
several "backend" systems (like LinOTP).  Please refer to the "Links" section
on the project page for many more examples...

Thanks for your consideration!  X2Go rocks!

- Tor