[RADIATOR] AuthSQLYubikey

Mike McCauley mikem at open.com.au
Thu May 7 16:47:44 CDT 2009


Hello Sami,

thanks for reporting these issues.
They have now been fixed in the latest patch set.
We apologise for any inconvenience.

Cheers.

On Friday 08 May 2009 02:00:33 am Sami Keski-Kasari wrote:
> Hello,
>
> I am testing Yubikeys and found two issues:
>
> 1. Custom AuthSelect doesn't work because of this issue:
>
> --- Radius/AuthSQLYUBIKEY.pm-orig       2009-05-06 20:52:40.000000000 +0300
> +++ Radius/AuthSQLYUBIKEY.pm    2009-05-06 20:53:14.000000000 +0300
> @@ -17,7 +17,7 @@
>  use MIME::Base64;
>  use strict;
>
> -%Radius::AuthSQLDIGIPASS::ConfigKeywords =
> +%Radius::AuthSQLYUBIKEY::ConfigKeywords =
>  ('AuthSelect'            =>
>   ['string', 'SQL query that will be used to fetch Yubikey data from the
> database. Special characters are permitted, and %0 is replaced with the
> quoted user name. %1 is replaced with the token ID. The default works
> with the sample yubikey database created by db_schema.sql from the
> YubiKey Validation Server.', 0],
>   'UpdateQuery'           =>
>
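
Review bot: the context lines under 'AuthSelect' have been wrapped by the mail client, so the description string now spans five lines where the "@@ -17,7 +17,7 @@" header allows for only one, and the hunk will not apply with patch as posted. The substantive change is just the -/+ pair, so it is simplest to make that one-line edit by hand. Because the old name %Radius::AuthSQLDIGIPASS::ConfigKeywords looks like a leftover from the module this file was derived from, it is also worth searching the rest of AuthSQLYUBIKEY.pm for other AuthSQLDIGIPASS references.
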
> 2. Replay attack recognition is now done only via the counter in Radiator.
> I think that it should be done with counter, timestamp_low and
> timestamp_high.
>
> Now the problem is that if you are using replay attack recognition and
> need more than one OTP password you have to unplug and plug the Yubikey
> every time.
>
> Regards,
>  Sami
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
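
The replay check proposed in point 2 of the quoted message, next to the counter-only check it describes, as an added example that is not part of the original thread and is not Radiator's code. The function names and sample values are hypothetical; the field names counter, timestamp_low and timestamp_high come from the message, and the example assumes timestamp_high holds the upper 8 bits and timestamp_low the lower 16 bits of the token's 24-bit timestamp.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Combine the two timestamp fields into one 24-bit value (assumption:
# timestamp_high is the top 8 bits, timestamp_low the bottom 16 bits).
sub ts24 {
    my ($f) = @_;
    return (($f->{timestamp_high} & 0xff) << 16) | ($f->{timestamp_low} & 0xffff);
}

# Counter-only check: fresh only if the counter moved forward.
sub fresh_counter_only {
    my ($stored, $otp) = @_;
    return $otp->{counter} > $stored->{counter} ? 1 : 0;
}

# Counter plus timestamp: a higher counter is always fresh; with an equal
# counter the OTP is fresh only if its timestamp is later than the stored one.
sub fresh_counter_and_timestamp {
    my ($stored, $otp) = @_;
    return 1 if $otp->{counter} > $stored->{counter};
    return 0 if $otp->{counter} < $stored->{counter};
    return ts24($otp) > ts24($stored) ? 1 : 0;
}

# Constructed sample values: decrypted fields of four OTPs in arrival order.
my @otps = (
    { name => 'first press',     counter => 12, timestamp_high => 0x01, timestamp_low => 0xfff0 },
    { name => 'second press',    counter => 12, timestamp_high => 0x02, timestamp_low => 0x0010 },
    { name => 'replay of first', counter => 12, timestamp_high => 0x01, timestamp_low => 0xfff0 },
    { name => 'after replug',    counter => 13, timestamp_high => 0x00, timestamp_low => 0x0005 },
);

for my $check (\&fresh_counter_only, \&fresh_counter_and_timestamp) {
    # Stored state before the first OTP arrives (constructed).
    my %stored = (counter => 11, timestamp_high => 0, timestamp_low => 0);
    for my $otp (@otps) {
        my $ok = $check->(\%stored, $otp);
        printf "%-16s %s\n", $otp->{name}, $ok ? 'accept' : 'reject (replay)';
        # Persist the new high-water mark only for accepted OTPs.
        @stored{qw(counter timestamp_high timestamp_low)} =
            @{$otp}{qw(counter timestamp_high timestamp_low)} if $ok;
    }
    print "--\n";
}
```

The first pass rejects the second press until the counter changes, which is the unplug-and-replug behaviour the message reports; the second pass accepts it and still rejects the replayed first OTP.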


