multiOTP open source

multiOTP open source is a GNU LGPL implementation of a strong two-factor authentication PHP class
multiOTP open source is OATH certified for HOTP/TOTP

(c) 2010-2026 SysCo systemes de communication sa
https://www.multiotp.net/

Current build: 5.10.2.1 (2026-03-23)

Binary download: https://download.multiotp.net/ (including virtual appliance image, docker and full release notes)

Docker container available: docker run -v path/to/multiotp/data:/etc/multiotp -v path/to/freeradius/config:/etc/freeradius -v path/to/multiotp/log:/var/log/multiotp -v path/to/freeradius/log:/var/log/freeradius -p 80:80 -p 443:443 -p 1812:1812/udp -p 1813:1813/udp -d multiotp/multiotp-open-source

Docker volumes
PATH/TO/MULTIOTP/DATA/VOLUME:/etc/multiotp
PATH/TO/FREERADIUS/CONFIG/VOLUME:/etc/freeradius
PATH/TO/MULTIOTP/LOG/VOLUME:/var/log/multiotp
PATH/TO/FREERADIUS/LOG/VOLUME:/var/log/freeradius

A Dockerfile is included in the distribution ZIP file

The multiotp/multiotp-open-source docker is working on Synology devices !

It's strongly recommended to read the whole README file.
That said, if you're in a hurry: the default RADIUS secret for subnet 0.0.0.0/0 is myfirstpass.

Binary download of the multiOTP open source Credential Provider for Windows 7/8/8.1/10/11/2012(R2)/2016/2019/2022/2025 : https://download.multiotp.net/credential-provider/

Please consider supporting this project by making a donation via PayPal

Visit http://forum.multiotp.net/ for additional support.

The multiOTP package is the lightest package available that provides so many strong authentication functionalities and goodies, and best of all, for anyone that is interested about security issues, it's a fully open source solution!

This package is the result of a bunch of work. If you are happy using this package, [Donation] are always welcome to support this project. Please check https://www.multiotp.net/ and you will find the magic button ;-)

If you need some specific features in the open source edition of multiOTP, please contact us in order to discuss about a sponsorship in order to prioritize your needs.

You can also have a look on on https://www.multiOTP.com for multiOTP Pro and multiOTP Enterprise, which are commercial editions of ready to use virtual appliances including more features like:

• Full Web GUI interface
• Automated provisioning of new account (based on Active Directory)
• High Availability master-slave support (Enterprise Edition)
• Push token using free multiOTP token App (Enterprise Edition)
• Web API support (Enterprise Edition)
• free virtual appliances available, including a free lifetime one user licence
• online demo of the full Web GUI interface
• ...

The multiOTP class supports currently the following algorithms and RFC's:

• OATH/HOTP or OATH/TOTP, base32/hex/raw seed, QRcode provisioning (multiOTP token App, FreeOTP, Google Authenticator, ...)
• Yubico OTP (http://yubico.com/yubikey)
• mOTP (http://motp.sourceforge.net)
• SMS tokens (using Afilnet, aspsms, Clickatell, eCall, IntelliSMS, Nexmo, NowSMS, SMSEagle, SMSGateway, Spryng, Swisscom, Telnyx, any custom provider, your own script)
• TAN (emergency scratch passwords)
• RFC1994 CHAP (Challenge Handshake Authentication Protocol)
• RFC2433 MS-CHAP (Microsoft PPP CHAP Extensions)
• RFC2487 SMTP Service Extension for Secure SMTP over TLS
• RFC2759 MS-CHAPv2 (Microsoft PPP CHAP Extensions, Version 2)
• RFC2821 SMTP (Simple Mail Transfer Protocol)
• RFC4226 OATH/HOTP (HOTP: An HMAC-Based One-Time Password Algorithm)
• RFC5424 Syslog Protocol (client)
• RFC6030 PSKC (Additional Portable Symmetric Key Container Algorithm Profiles)
• RFC6238 OATH/TOTP (TOTP: Time-Based One-Time Password Algorithm)

This package was initially published here : http://syscoal.users.phpclasses.org/package/6373.html For more PHP classes, have a look on PHPclasses.org, where a lot of authors are sharing their classes for free.

TABLE OF CONTENTS

• Donations and sponsoring
• Wishlist for future releases
• How can I upgrade from a previous version ?
• What's new in the releases
• Change Log of released version
• Content of the package
• Typical tree of a working Linux installation
• How can I create myself the different versions ?
• When and how can I use this package ?
• What is the prefix PIN option ?
• How the lockout of an account is working ?
• How to self-unlock an account ?
• How to debug ?
• How to install the multiOTP web service under Windows ?
• How to install the multiOTP radius server under Windows ?
• Configuring multiOTP with TekRADIUS or TekRADIUS LT under Windows
• How to install the multiOTP web service under Linux ?
• Configuring multiOTP with FreeRADIUS 2.x under Linux
• Configuring multiOTP with FreeRADIUS 3.x under Linux
• How to configure multiOTP to synchronized the users from an Active Directory ?
• How to configure multiOTP to synchronized the users from a standard LDAP ?
• How to configure multiOTP to use the client/server feature ?
• How to build a Raspberry Pi strong authentication server ?
• How to install a local only strong authentication on a Windows machine ?
• How to install a centralized 2FA server for Windows desktops or RDP login ?
• Adding 2FA with multiOTP to the Remote Desktop Web Access (RDWeb) on Windows
• Same Windows generic account with multiple two-factor authentication accounts
• Using multiOTP on Linux for SSH login
• LDAP filter customization
• OpenSSL options for LDAPS
• Compatible clients applications and devices
• External packages used
• multiOTP PHP class documentation
• multiOTP command line tool

DONATIONS AND SPONSORING

You can support our multiOTP open source project with donations and sponsoring. Sponsorships are crucial for ongoing and future development of the project! If you'd like to support our work, then consider making a donation, any support is always welcome even if it's as low as $1! You can also sponsor the development of a specific feature. Please contact us in order to discuss the detail of the implementation.

HOW CAN I UPGRADE FROM A PREVIOUS VERSION ?

!!! Be careful when you upgrade your multiOTP open source Virtual Appliance !!! The multiOTP open source Virtual Appliance is using the files in raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp, with config and backend folders defined to be located in /etc/multiotp/

If you are currently using the multiOTP open source Virtual Appliance, you can upgrade the multiOTP version by copying the extracted content of the folder and subfolders from raspberry/boot-part/multiotp-tree/usr/local/bin/multiotp to /usr/local/bin/multiotp
An update through the web interface should be available in the future

If you are currently using the multiOTP open source linux files, you can upgrade your installation by copying the extracted content of the folder and subfolders from linux to your current multiOTP folder

!!! since 5.0.4.6 under Linux, the config, devices, groups, tokens and users folders are now always located in /etc/multiotp/. Please be sure to make the move when you are upgrading !!! (before 5.0.4.6, theses subfolders where located just below the main multiOTP folder)

If you are currently using the multiOTP open source windows files, you can upgrade your installation by copying the extracted content of the folder and subfolders from windows to your current multiOTP folder

WHAT'S NEW IN THIS 5.10.x RELEASE

• New Proxmox, OVA and Hyper-V appliances available (version 013, based on Debian 13)
• Push support with the multiOTP token App, available for free with Enterprise subscription

CHANGE LOG OF RELEASED VERSIONS

2026-03-23 5.10.2.1 FIX: Changing notification options (SMTP server and SysLog options) was not always possible
                    FIX: SMSEagle v2 implementation was not always able to send to international countries
                    FIX: websocketCore.php was missing in the sources
                    ENH: Template updated to propose the free "multiOTP token app" by default for Android and iOS
                    ENH: Embedded Windows PHP edition updated to version 8.4.16 x64 (from 8.4.14 x86)
                    ENH: Embedded Windows nginx edition updated to version 1.29.6
                    ENH: Updated environment detection, like docker detection
                    ENH: Updated Linux helper, for the future new web interface
                    ENH: For Windows, WMIC dependencies has been removed and replaced by Powershell commands
2026-01-23 5.10.1.5 ENH: For Docker installation, configuration files are copied automatically in the external volumes if missing
2026-01-05 5.10.1.2 FIX: Locked and delayed status handled before push status
2025-12-23 5.10.1.1 ENH: New SendEmail implementation with internal smtp stack (using smtp parameters)
                    ENH: Better Docker integration
2025-12-18 5.10.0.7 FIX: PostgreSQL fix for the fields in the log table
                    FIX: Warning issue when using the docker version (old temp folder removed)
                    ENH: New options: "don't auto disable" and "don't auto enable" LDAP accounts
                    ENH: New SMS library integration and new SMSEagle v2 API support