[RADIATOR] New eToken PASS import files have longer secret keys (64 chars vs. 48 chars)

Mike McCauley mikem at open.com.au
Fri May 13 20:16:02 CDT 2011


Hi,

Can you please send an example of a key, counter and resulting correct OTP, so 
we can investigate?

Cheers.

On Saturday 14 May 2011 05:35:32 am Linuxchuck wrote:
> Hello again,
>
> I've been successfully using eToken PASS tokens since we moved to Radiator
> without issue.  We've recently purchased an additional set of 100 tokens
> because we were running low, and the DigiPass Go-7 tokens we recently
> received turn out to be unable to support changing PINs. During the process
> of importing the new eToken PASS secret keys, I found that the token key
> import files shipped with the tokens have changed now since SafeNet has
> taken over ownership of Aladdin.
>
> The new files are called "AlpineXml.xml" and "importAlpine.dat".  The first
> is an XML file formatted exactly like the old XML files I'm familiar with
> from the original Aladdin days.  The second file is an LDIF-formatted file
> with basically the same information in it.  I built an XML parsing PHP
> script to perform bulk-imports for the older Aladdin import files, and it
> works fine with the new XML files as well.
>
> I've noticed a particularly important change, however.  The token secrets
> are now 64 characters long, and will not properly import into the standard
> secret column in the hotpkeys MySQL table which is a varchar(60) based on
> the sql table built in hotp.cfg.  (FYI, the original keys in my first
> couple-hundred tokens were all 48 characters long.)  In addition, the
> "version" string in the older XML files is "6.0", and in the newer version,
> is "6.20".
>
> I figured it would be a simple task to extend the storage of that column to
> compensate for the longer keys, and applied an alter table command to do
> just that.  I then updated the keys for each token, ran a few queries to
> ensure they matched exactly with the keys provided in the XML file, and
> reloaded my Radiator servers.  So far, so good...
>
> However, even though the new and longer secret keys now fit in the column,
> I cannot get any of these newly imported tokens to authenticate properly.
> All of my older eToken PASS tokens with the shorter keys still work without
> issue.  It's these new tokens with the longer keys that refuse to
> authenticate.
>
> Does anyone have an idea what could be going wrong here?  I am not a Perl
> coder by any stretch of the imagination, and my rudimentary scan of the
> HOTP-related modules in Radiator did not give me any clues where things
> could be going wrong.
>
> Thanks in advance...



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
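
The key, counter and OTP triple requested above can be checked offline with a reference RFC 4226 HOTP calculation. This is an added example, not part of the original messages and not Radiator's code; it assumes the secrets in the import file are hex-encoded, 6-digit codes and HMAC-SHA1, and the function names and sample secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample secrets; none come from a real token or from this thread.
RFC4226_KEY_HEX = b"12345678901234567890".hex()  # RFC 4226 Appendix D test key
SAMPLE_48 = "0123456789abcdef" * 3  # 48 hex chars -> 24-byte key
SAMPLE_64 = "0123456789abcdef" * 4  # 64 hex chars -> 32-byte key


def decode_secret(secret_hex):
    """Decode a hex-encoded secret (assumed encoding) into raw key bytes."""
    try:
        return bytes.fromhex(secret_hex.strip())
    except ValueError:
        # Odd length or non-hex characters: the stored value is truncated
        # or uses another encoding, so no counter will ever match.
        raise ValueError("secret is not valid hex, check column width and encoding") from None


def hotp(secret_hex, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    key = decode_secret(secret_hex)  # HMAC accepts keys of any length
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def find_counter(secret_hex, otp, start=0, window=50):
    """Return the first counter in [start, start+window) that yields otp, else None."""
    for counter in range(start, start + window):
        if hmac.compare_digest(hotp(secret_hex, counter, len(otp)), otp):
            return counter
    return None


if __name__ == "__main__":
    # Both key lengths produce a code; a mismatch with the token display then
    # points at the stored key bytes or the counter, not at the key length.
    for label, secret in (("48-char", SAMPLE_48), ("64-char", SAMPLE_64)):
        print(label, len(decode_secret(secret)), "bytes ->", hotp(secret, 0))
    print("counter for 520489:", find_counter(RFC4226_KEY_HEX, "520489", 0, 10))
```

If `find_counter` returns `None` for a code read off the token across a generous window, the stored secret does not decode to the key the token actually uses, which separates a key-handling problem from simple counter drift.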

