Developer blog

Today we are proud to release LinOTP 2.1.

New key features are the multi client capability, self service, new tokens and redundancy in the Active Directory connection.

LSE LinOTP 2 is now licensed under the AGPLv3. The mulit client capability in mind, makes it now more sensible for ISPs and ASPs to use LinOTP 2.

More on LSE LinOTP Community Edition.

The LSE LinOTP Enterprise Edition continues to be provided by LSE for enterprise customers with demand for professional services, additional management features and additional supported hardware tokens.

To integrate client certificate authentication in OTRS more smoothly we provided an opm package, that can be easily installed.

A small authentication module for OTRS enables you to authenticate to OTRS by using a client certificate. Thus we get rid of all these passwords and add a bit more security.

Feel free to adapt it to your needs or make it more flexible.

Today we published ''LinOTP'', our solution for one time password authentication based on the HMAC OTP algorithm (RFC4226), as opensource. LSE LinOTP contained several code fragments that were already published under the GPLv2.

LSE LinOTP is now available as a Community Edition, which is completely licensed under GPLv2 and may be downloaded on this site.

The LSE LinOTP Enterprise Edition continues to be provided by LSE for enterprise customers with demand for professional services, additional management features and additional supported hardware tokens.

In publishing the LSE LinOTP Community Edition we respond to several requests from interested Linux users and opened the strong two factor authentication for a wider community and made it available for non-commercial, non-enterprise use.

We keep testing current -git releases and 2.6.31 seems stable for most of our test cases. We submitted a fix for a memory leak in nfsd which was reported by kmemleak. Kmemleak hooks kmalloc, kfree and friends to track every memory allocation and deallocation. It periodically scans the kernel memory (allocated memory and the stacks of kernel threads) to check if there is still a pointer referencing the objects. If there is no pointer to one of the objects the code location (and stacktrace) where it was allocated along with a message is reported trough sysfs.

Another fix we submitted is for a corner case in EXT4, where the code tried to access the journal when generating an error message. The problem was triggered with a corrupt filesystem, where the journal could not be loaded during mount time and another corruption triggered the oops in the error message.

Apart from this, several other bugs got reported by us among them a lockdep miss-annotation in the tee system call which already got fixed.

We began our regularly testing of the Linux kernel last week. From now on, we will test the current development -git tree regularly on several systems to help stabilizing the tree and find as many bugs as possible before the stable kernel is released. For this we use several test-suites, amongst others the LTP, isic, a customized version of fsfuzzer and several other stress testing tools we found useful. A patch written by Sebastian Andrzej Siewior which fixes an issue we reported already made it into the crypto-dev tree. We will continue this process and once the tree gets more stable we hope be able to take a closer look at different issues ourselves and write further tests.

We are at Cebit again! Meet us in Halle 11, Stand B38.

We're going public!

We have packaged the USB/IP userspace for Debian. The source package is maintained in a git repository on git.debian.org

The package is currently waiting in the Debian NEW queue.

Once the package enters unstable, we plan to upload a backport for Lenny to backports.org including a module source package (usbip-source) for use with 2.6.26 kernels.

USB/IP is a very promising USB device sharing system. It makes all kinds of USB devices accessible to other systems over TCP/IP.

As we are going to make more use of USB/IP both for ourselves and for LSE customers, we are starting to make some improvements.

One thing in particular that we're starting to work on is strong encryption to ensure confidentiality of the data transferred and for access control.

Naturally, those improvements will be contributed back to the USB/IP community and we hope to have them merged into the USB/IP upstream code.

We are working out a draft concept at the moment, you should be able to read more about it here and on the usbip-devel@lists.sourceforge.net mailinglist in a short while. :-)