ProFTPD module mod_otp

The mod_otp module adds the ability to use one-time passwords when ProFTPD authenticates users. One-time password systems are defined by RFC 1938. The module can be used with Heimdal's OTP library, OPIE (One-time Password In Everything), and with the S/Key library.

This module is contained in the mod_otp.h and mod_otp.c files for ProFTPD 1.2, and is not compiled by default. Installation instructions are discussed here.

The most current version of mod_otp can be found at:


Please contact TJ Saunders <tj at> with any questions, concerns, or suggestions regarding this module.



Syntax: OTPEngine on|off
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_otp
Compatibility: 1.2.7rc2 or later

The OTPEngine configuration directives controls whether mod_otp is used by the server. If used, mod_otp will add a challenge when responding to a client's USER command. The user can enter that challenge into an OTP calculator, and enter the response as the password used for PASS. If the given OTP response is incorrect, the daemon will fall back to whichever other authentication modules are used; an incorrect response will not automatically prevent a user from logging in.


  <IfModule mod_otp.c>
    OTPEngine on


To install mod_otp, follow these instructions. After unpacking the tarball, run the configure script:
  cd mod_otp
To configure mod_otp for use with Heimdal's OTP library:
  ./configure --with-heimdal-otp
This is the default. To prepare the module for using OPIE:
  ./configure --with-opie
Or, to use S/Key with mod_otp:
  ./configure --with-skey
Note that on FreeBSD and OpenBSD, S/Key is standard, and requires no additional libraries to be installed. The configure checks your system for necessary information and writes a proper mod_otp.h. Now, copy the mod_otp.c and mod_otp.h files into the contrib/ directory:
  cp mod_otp.h proftpd-dir/contrib/
  cp mod_otp.c proftpd-dir/contrib/
after unpacking the latest proftpd-1.2 source code. Follow the usual steps for using third-party modules in proftpd:
  ./configure --with-modules=mod_otp
  make install
You may need to use the --with-includes and --with-libraries options when configuring proftpd to indicate the directories for the chosen OTP implementation's header and library files.

Author: $Author: tj $
Last Updated: $Date: 2002/10/31 17:30:40 $

© Copyright 2000-2002 TJ Saunders
All Rights Reserved