Current version: 0.04 (4 April 2025) [src]
This Request Tracker extension allows users to add multi-factor authentication to their account.
A secret token is stored for each user, and used for time-based one-time passcodes (TOTP).
To enable MFA, the "about me" page is extended with a new section alongside identity and password, for TOTP token management. In this section, the user may scan a QR code based on this token into their mobile device's TOTP-compatible app, such as Google Authenticator. Or, they can enrol the key for their Yubikey device on this page instead.
When an account has MFA enabled, the RT login page works as usual, but the user is then prompted to enter a one-time passcode before they can proceed any further.
The MFA prompt will be repeated after a configurable duration, or when a new session begins.
If a user loses their MFA token, an administrator can switch off MFA in their account settings on their behalf, on the user basics modification page.
You can download the latest source code from here or from the linked pages.
This software is distributed under the terms of the GNU General Public License version 3 or later.
Request Tracker 5.0.0 or higher is required, along with the following Perl modules:
- Module::Install::RTx
- Authen::OATH (Debian package: libauthen-oath-perl)
- Convert::Base32 (Debian package: libconvert-base32-perl)
- Imager::QRCode (Debian package: libimager-qrcode-perl)
- Crypt::CBC (Debian package: libcrypt-cbc-perl)
- LWP::UserAgent (Debian package: libwww-perl)
Please read the README file within the archive for installation instructions.
News
- 0.04 - 4 April 2025
- First full release.