macOS
brew install oath-toolkitlocal Homebrew formula metadata
sudo port install oath-toolkitMacPorts ports tree · security/oath-toolkit/Portfile · source: api.github.com
brew
Tools for one-time password authentication systems. Version 2.6.14 via Homebrew; verified 2026-06-27.
install
brew install oath-toolkitlocal Homebrew formula metadata
sudo port install oath-toolkitMacPorts ports tree · security/oath-toolkit/Portfile · source: api.github.com
sudo apk add oath-toolkitAlpine Linux edge package indexes · oath-toolkit · source: dl-cdn.alpinelinux.org
sudo apt install liboath-devDebian stable package indexes · liboath-dev · source: deb.debian.org
sudo dnf install liboathFedora Rawhide package metadata · liboath · source: dl.fedoraproject.org
nix profile install nixpkgs#oath-toolkitnixpkgs package indexes · pkgs/by-name/oa/oath-toolkit/package.nix · source: api.github.com
sudo pacman -S oath-toolkitArch Linux sync databases · oath-toolkit · source: geo.mirror.pkgbuild.com
sudo zypper install liboath-developenSUSE Tumbleweed package metadata · liboath-devel · source: download.opensuse.org
overview
Tools for one-time password authentication systems
history
OATH Toolkit is a long-running free software implementation of one-time password infrastructure. It provides shared C libraries, the oathtool and pskctool command-line tools, and a pam_oath module for integrating HOTP/TOTP authentication into Unix login stacks.
Simon Josefsson introduced the OATH Toolkit publicly in January 2011 as software for OATH one-time password authentication, including oathtool and pam_oath. A May 2011 release announcement for version 1.10.0 points to the Nongnu project page, man pages, PAM documentation, API reference, signed release tarballs, and the Savannah project home.
The toolkit tracks the standards ecosystem around one-time passwords: HOTP from RFC 4226, TOTP from RFC 6238, and PSKC from RFC 6030. Later releases added support for HMAC-SHA256 and HMAC-SHA512 TOTP generation and validation APIs in version 2.6.0, and the project moved version-controlled source hosting to GitLab in version 2.6.2 before moving public Git hosting to Codeberg in version 2.6.13.
OATH Toolkit spread through Unix package ecosystems because it solved a boring but durable operations problem: generating and validating standard OTP values and adding PAM-based OTP checks to existing systems. The input package record lists apk, Homebrew, Debian, Fedora, MacPorts, Nix, Arch, Ubuntu, and openSUSE package names, reflecting broad distribution rather than a single application community.
Developers use liboath when embedding HOTP/TOTP validation in C applications, operators use oathtool for token generation and testing, pskctool handles Portable Symmetric Key Container data, and administrators use pam_oath to require OTP values during PAM authentication. A common deployment stores token records in a usersfile such as /etc/users.oath.
The package is a classic security-toolchain package: small command-line utilities, a C library ABI, a PAM module, man pages, signed source releases, and long-term distro packaging. It also shows how standards-based authentication plumbing ages: compatibility fixes, crypto algorithm additions, build-system maintenance, and security advisories matter as much as new features.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
/etc/users.oathexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
oathtool | cli | global executable | |
pskctool | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://oath-toolkit.codeberg.page/
install metadata
| Package key | brew:oath-toolkit |
|---|---|
| Version | 2.6.14 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/oath-toolkit |
| Homepage | https://oath-toolkit.codeberg.page/ |
| Repository | https://codeberg.org/oath-toolkit/oath-toolkit |
| Upstream docs | https://oath-toolkit.codeberg.page/docs.html |
| License | GPL-3.0-or-later AND LGPL-2.1-or-later |
| Source archive | https://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.6.14.tar.gz |
| Last updated | 2026-06-27T14:40:16-04:00 |
| Pulse | updated |
| Dependencies | libxml2, libxmlsec1, openssl@3 |
| Build dependencies | pkgconf |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | oath-toolkit |
| Version Scheme | 0 |
| Revision | 3 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
liboath-dev 2.6.12-1
Development files for the OATH Toolkit Liboath library
https://www.nongnu.org/oath-toolkit/
sudo apt install liboath-devliboath0t64 2.6.12-1
OATH Toolkit Liboath library
https://www.nongnu.org/oath-toolkit/
sudo apt install liboath0t64libpam-oath 2.6.12-1
OATH Toolkit libpam_oath PAM module
https://www.nongnu.org/oath-toolkit/
sudo apt install libpam-oathlibpskc-dev 2.6.12-1
Development files for the OATH Toolkit Libpskc library
https://www.nongnu.org/oath-toolkit/
sudo apt install libpskc-devlibpskc0t64 2.6.12-1
OATH Toolkit Libpskc library
https://www.nongnu.org/oath-toolkit/
sudo apt install libpskc0t64oathtool 2.6.12-1
OATH Toolkit oathtool command line tool
https://www.nongnu.org/oath-toolkit/
sudo apt install oathtoolpskctool 2.6.12-1
OATH Toolkit pskctool command line tool
https://www.nongnu.org/oath-toolkit/
sudo apt install pskctooloath-toolkit
nix profile install nixpkgs#oath-toolkitliboath-dev 2.6.11-2.1build3
Development files for the OATH Toolkit Liboath library
https://www.nongnu.org/oath-toolkit/
sudo apt install liboath-devliboath0t64 2.6.11-2.1build3
OATH Toolkit Liboath library
https://www.nongnu.org/oath-toolkit/
sudo apt install liboath0t64libpam-oath 2.6.11-2.1build3
OATH Toolkit libpam_oath PAM module
https://www.nongnu.org/oath-toolkit/
sudo apt install libpam-oathlibpskc-dev 2.6.11-2.1build3
Development files for the OATH Toolkit Libpskc library
https://www.nongnu.org/oath-toolkit/
sudo apt install libpskc-devlibpskc0t64 2.6.11-2.1build3
OATH Toolkit Libpskc library
https://www.nongnu.org/oath-toolkit/
sudo apt install libpskc0t64oathtool 2.6.11-2.1build3
OATH Toolkit oathtool command line tool
https://www.nongnu.org/oath-toolkit/
sudo apt install oathtoolpskctool 2.6.11-2.1build3
OATH Toolkit pskctool command line tool
https://www.nongnu.org/oath-toolkit/
sudo apt install pskctooloath-toolkit 2.6.14-r1
OATH Toolkit One-time password components
https://nongnu.org/oath-toolkit/
sudo apk add oath-toolkitsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.