(RADIATOR) Digipass support under Solaris

Mike McCauley mikem at open.com.au
Wed Feb 16 16:22:49 CST 2005 

Hi Roy,

On Thursday 17 February 2005 07:52, Mike McCauley wrote:
> Hello Roy,
>
> On Thursday 17 February 2005 01:50, Roy Badami wrote:
> > [Sorry, didn't mean to take this off-list; replied to the wrong message]
> >
> > >>>>> "Roy" == Roy Badami <roy.badami at globalgraphics.com> writes:
> >
> >     Roy> Hmm, I spoke too soon.  It worked for the first token I
> >     Roy> tried, but not for another (from a different batch) I just
> >     Roy> get 'Validation Failed'.  Any suggestions as to how to debug
> >     Roy> this...?
> >
> > Ok, mystery resolved, by extracting the token data from the old server
> > using some judicious cutting and pasting of the transaction logs in a
> > text editor... :-)
>
> OK. I replied to you too soon.
>
> > The token in question is a Digipass 300 that is a little over two
> > years old, but it seems to be suffering from excessive clock skew.
> > Clock skew is being reported by 'digipass.pl info' as 042906 -- is
> > that seconds?
>
> Yes. Bad token!

Hmmm, I guess another possibility is that the GMT on the host where 
Authen-Digipass runs is wrong?

Although, given that you had a successful auth with another token, it probably 
rules this out.

Cheers.

>
> > I'm not sure I'd want to run with SyncWindow set that high in
> > RADIATOR, so instead I patched digipass.pl to allow SyncWindow to be
> > specified in digipass.pl, hence I can reset a highly skewed token
> > with:
> >
> > digipass.pl reset <serial_no>
> > digipass.pl -syncwindow 48 verify <serial_no> <tokencode>
>
> OK, fixed for the next release.
> Thanks for your contribution!
>
> Cheers.
>
> > 	    -roy
> >
> > --------------------
> >
> >
> > --- digipass.pl Wed Feb 16 15:38:53 2005
> > +++ digipass2.pl        Wed Feb 16 15:40:04 2005
> > @@ -29,6 +29,7 @@
> >       'importkey=s',         # Key for importing tokens from a file
> >       'app=s',               # The name of the Digipass application to
> > use. Spaces are important 'f',                   # Force updates
> > +     'syncwindow=s',
> >       );
> >
> >  &NGetOpt(@options) || &usage;
> > @@ -40,6 +41,7 @@
> >  my $dbauth     = $main::opt_dbauth     || 'fred';
> >  my $importkey  = $main::opt_importkey  ||
> > '11111111111111111111111111111111'; # For importing my $app        =
> > $main::opt_app        || 'APPL 1      ';
> > +my $syncwindow = $main::opt_syncwindow || 6;
> >
> >  # First make sure we can connect to the database
> >  # Open the database
> > @@ -50,7 +52,7 @@
> >
> >      || die "Could not connect to $dbsource: $DBI::errstr";
> >
> >  # Intialise the kernel paramters that Authen::Digipass requires for most
> > calls. -$kparms = Authen::Digipass::KernelParms->new();
> > +$kparms = Authen::Digipass::KernelParms->new(SyncWindow => $syncwindow);
> >
> >  # Now find out the command they want to do
> >  my $command = shift @ARGV;

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list