[RADIATOR] DigiPass Static PIN Reset for Go-7?
Mike McCauley
mikem at open.com.au
Wed Apr 27 15:51:50 CDT 2011
Hi,
On Wednesday 27 April 2011 11:25:55 pm Linuxchuck wrote:
> On 04/05/2011 03:44 PM, Heikki Vatiainen wrote:
> > On 04/04/2011 07:44 PM, Linuxchuck wrote:
> >> Time for a DigiPass token question. I have a box of 125 brand-new
> >> DigiPass Go-7 tokens that I have imported into our production
> >> Radiator server, and they work just fine. My question is: Is the
> >> static password change procedure as outlined in the documentation
> >> applicable to Go-7 tokens? The doc states "Go-1 and Go-3 tokens
> >> (among others) also support the ability to change your PIN.". Would
> >> the Go-7 be one of those that are "among others"?
> >
> > We do not have any Go-7 cards here, but we expect consistent behaviour
> > with other tokens. However, support of PINs is dependent on that option
> > being enabled in the card's import record (ie by Vasco), and the PIN
> > options that might be configured there.
> >
> > You should check the import records for these tokens.
> >
> >> If so, I seem to have run into a snag trying the process. The trace
> >> 4 log shows an error of "DEBUG: Radius::AuthSQLDIGIPASS REJECT:
> >> Digipass Authentication failed: Response Too Long" when I attempt a
> >> PIN reset based on the documentation.
> >
> > Please let us and the list know if you get PIN change to work.
> >
> > Thanks!
>
> No success on PIN changes with this series of token. I have 2 different
> EXPORT.DPX files I can choose from: One without PINs, and one with
> pre-defined PINs. Regardless of which of the two files I import into our
> system, I get the same result as listed above when attempting to use the
> PIN change procedure. It's a shame, we have 125 of these tokens, and I'd
> love to be able to use them, but our policies require that the PINs must be
> reset when the tokens are re-issued. I suppose I can mark the tokens for
> single-issue only, and ensure they aren't re-issued after.
>
>
> If there is a way to decode the options in the DPX files to determine which
> entry defines the ability to change PINs, I'll check my files to see if it
> exists.
I dont know if you can do it by inspection of the DPX file, but if you use the
digipass.pl program part of our Authen-Digipass to import then 'info' the
token it will tell you whether PIN is enabled or not.
Cheers.
>
> Fortunately, we primarily use eToken NG-OTP 64k, eToken PASS, and a couple
> of software-based OTP tokens on mobile phones. Those are all plenty
> flexible for our needs. That reminds me of another question, but I'll
> start another post for it.
>
> Thanks!
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list