20 changes: 20 additions & 0 deletions dnsapi/dns_kas.sh
Expand Up @@ -7,6 +7,7 @@ Options:
KAS_Login API login name
KAS_Authtype API auth type. Default: "plain"
KAS_Authdata API auth data
KAS_OTP_Secret 2 Factor Authentication Shared Secret (optional requires oathtool)
Issues: github.com/acmesh-official/acme.sh/issues/2715
Author: squared GmbH <github@squaredgmbh.de>, Martin Kammerlander <martin.kammerlander@phlegx.com>, Marc-Oliver Lange <git@die-lang.es>
'
Expand Down Expand Up @@ -146,6 +147,7 @@ _check_and_save() {
KAS_Login="${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}"
KAS_Authtype="${KAS_Authtype:-$(_readaccountconf_mutable KAS_Authtype)}"
KAS_Authdata="${KAS_Authdata:-$(_readaccountconf_mutable KAS_Authdata)}"
KAS_OTP_Secret="${KAS_OTP_Secret:-$(_readaccountconf_mutable KAS_OTP_Secret)}"

if [ -z "$KAS_Login" ] || [ -z "$KAS_Authtype" ] || [ -z "$KAS_Authdata" ]; then
KAS_Login=
Expand All @@ -157,6 +159,7 @@ _check_and_save() {
_saveaccountconf_mutable KAS_Login "$KAS_Login"
_saveaccountconf_mutable KAS_Authtype "$KAS_Authtype"
_saveaccountconf_mutable KAS_Authdata "$KAS_Authdata"
_saveaccountconf_mutable KAS_OTP_Secret "$KAS_OTP_Secret"
return 0
}

Expand Down Expand Up @@ -219,12 +222,29 @@ _get_record_id() {

# Retrieve credential token
_get_credential_token() {
if [ -n "$KAS_OTP_Secret" ]; then
if ! _exists oathtool; then
_err "Please install oathtool to use 2 Factor Authentication."
_err ""
return 1
fi

# Get OTP code with the defined secret.
otp_code="$(oathtool --base32 --totp "${KAS_OTP_Secret}" 2>/dev/null)"


fi

baseParamAuth="\"kas_login\":\"$KAS_Login\""
baseParamAuth="$baseParamAuth,\"kas_auth_type\":\"$KAS_Authtype\""
baseParamAuth="$baseParamAuth,\"kas_auth_data\":\"$KAS_Authdata\""
baseParamAuth="$baseParamAuth,\"session_lifetime\":600"
baseParamAuth="$baseParamAuth,\"session_update_lifetime\":\"Y\""

if [ -n "$otp_code" ]; then
baseParamAuth="$baseParamAuth,\"session_2fa\":\"$otp_code\""
fi

data='<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:xmethodsKasApiAuthentication" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:KasAuth><Params xsi:type="xsd:string">{'
data="$data$baseParamAuth}</Params></ns1:KasAuth></SOAP-ENV:Body></SOAP-ENV:Envelope>"

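Review bot: In `_get_credential_token` the TOTP shared secret is passed to `oathtool` as a command-line argument, so on a multi-user host it is readable from the process list while the command runs. Recent oathtool releases accept `-` to read the key from stdin, e.g. `otp_code="$(printf '%s' "$KAS_OTP_Secret" | oathtool --base32 --totp - 2>/dev/null)"`; confirm this against the oldest oathtool version you intend to support. The same line discards stderr and its result is never checked, so a malformed secret leaves `otp_code` empty and the login is sent without `session_2fa`; add `[ -n "$otp_code" ] || { _err "Could not generate OTP code from KAS_OTP_Secret."; return 1; }` before the closing `fi`. `otp_code` is also never cleared when `KAS_OTP_Secret` is empty, so a value left over from the environment or an earlier call would still be sent; an `otp_code=""` at the top of the function avoids that. Because `_check_and_save` persists `KAS_OTP_Secret` next to `KAS_Authdata`, the option text could say that both factors end up in the same account config; the function body continues past the end of this hunk.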