(RADIATOR) Digipass support under Solaris

Mike McCauley mikem at open.com.au
Wed Feb 16 15:52:36 CST 2005 

Hello Roy,


On Thursday 17 February 2005 01:50, Roy Badami wrote:
> [Sorry, didn't mean to take this off-list; replied to the wrong message]
>
> >>>>> "Roy" == Roy Badami <roy.badami at globalgraphics.com> writes:
>
>     Roy> Hmm, I spoke too soon.  It worked for the first token I
>     Roy> tried, but not for another (from a different batch) I just
>     Roy> get 'Validation Failed'.  Any suggestions as to how to debug
>     Roy> this...?
>
> Ok, mystery resolved, by extracting the token data from the old server
> using some judicious cutting and pasting of the transaction logs in a
> text editor... :-)

OK. I replied to you too soon.

>
> The token in question is a Digipass 300 that is a little over two
> years old, but it seems to be suffering from excessive clock skew.
> Clock skew is being reported by 'digipass.pl info' as 042906 -- is
> that seconds?
Yes. Bad token!

>
> I'm not sure I'd want to run with SyncWindow set that high in
> RADIATOR, so instead I patched digipass.pl to allow SyncWindow to be
> specified in digipass.pl, hence I can reset a highly skewed token
> with:
>
> digipass.pl reset <serial_no>
> digipass.pl -syncwindow 48 verify <serial_no> <tokencode>

OK, fixed for the next release.
Thanks for your contribution!

Cheers.


>
> 	    -roy
>
> --------------------
>
>
> --- digipass.pl Wed Feb 16 15:38:53 2005
> +++ digipass2.pl        Wed Feb 16 15:40:04 2005
> @@ -29,6 +29,7 @@
>       'importkey=s',         # Key for importing tokens from a file
>       'app=s',               # The name of the Digipass application to use.
> Spaces are important 'f',                   # Force updates
> +     'syncwindow=s',
>       );
>
>  &NGetOpt(@options) || &usage;
> @@ -40,6 +41,7 @@
>  my $dbauth     = $main::opt_dbauth     || 'fred';
>  my $importkey  = $main::opt_importkey  ||
> '11111111111111111111111111111111'; # For importing my $app        =
> $main::opt_app        || 'APPL 1      ';
> +my $syncwindow = $main::opt_syncwindow || 6;
>
>  # First make sure we can connect to the database
>  # Open the database
> @@ -50,7 +52,7 @@
>
>      || die "Could not connect to $dbsource: $DBI::errstr";
>
>  # Intialise the kernel paramters that Authen::Digipass requires for most
> calls. -$kparms = Authen::Digipass::KernelParms->new();
> +$kparms = Authen::Digipass::KernelParms->new(SyncWindow => $syncwindow);
>
>  # Now find out the command they want to do
>  my $command = shift @ARGV;

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list