<h1class="sectionedit1"id="external_second_factor">External Second Factor</h1>
<divclass="level1">
<p>
This simple plugin can be used to add a second factor for authentication (SMS, OTP,…). It uses external commands to send and validate the second factor. You can use any language to call your 2nd factor system.
</p>
</div>
<!-- EDIT1 SECTION "External Second Factor" [1-251] -->
Commands received arguments on the command line and must return a 0 code if succeed, another else. <strong>Nothing must be written to STDOUT</strong>, STDERR is reported in logs <em>(but may be lost with FastCGI server)</em>.
<liclass="level1"><divclass="li"><strong>Send command</strong>: define your command using <em>$attribute</em> like in rules. Example: <code>/usr/local/bin/sendOtp –uid $uid</code></div>
</li>
<liclass="level1"><divclass="li"><strong>Validation command</strong>: you must also use <em>$code</em> which is the value entered by user; Example: <code>/usr/local/bin/verify –uid $uid –code $code</code></div>
</li>
<liclass="level1"><divclass="li"><strong>Authentication Level</strong>: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5</div>
<divclass="noteimportant">The command line is split in an array and launch with exec(). So you don't need to enclose arguments in “” and this protects your system against shell injection. However, you can not use any space except to separate arguments.