[RADIATOR] AuthBy SQLTOTP doc bugs
Mike McCauley
mikem at open.com.au
Thu Aug 23 03:08:07 CDT 2012
Hi Roy,
On Wednesday, August 22, 2012 04:26:34 PM Roy Badami wrote:
> While playing with the AuthBy SQLTOTP module, I came across a couple of
> errors in the documentation of the AuthSelect parameter (section 5.82.2
> of the reference manual).
>
> * The description and default query are missing field 6
> (last_timestep). This is particularly unfortunate, because if you use
> the query from the documentation, or a similar query based on it that
> omits field 6, then you lose replay protection. (The actual default
> query in AuthSQLTOTP.pm is correct, however.)
Fixed for the next release.
>
> * The documentation describes field 0 as the HEX encoded AES secret. In
> fact, TOTP does not use AES, it uses HMAC-SHA1.
Fixed for the next release.
>
> The SQLHOTP doc contains the same error re AES - I haven't verified the
> query in the doc as I've not played with that module.
Fixed for the next release.
Also updated examples in goodies in the latest patch set
Thanks for reporting these.
Cheers.
>
> Regards
>
> roy
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
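
The replay-protection point in the report above, as an added example (not part of the original thread and not Radiator's code): a minimal RFC 6238 TOTP check over HMAC-SHA1 that shows what is lost when the stored last accepted timestep is not available to the verifier. The names `verify` and `submit_twice`, the 30-second step and the one-step acceptance window are assumptions for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per timestep (RFC 6238 default; assumed here)

def totp(secret: bytes, timestep: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the 8-byte timestep, then RFC 4226 truncation."""
    mac = hmac.new(secret, struct.pack(">Q", timestep), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_hex, submitted, now, last_timestep, window=1):
    """Return the matched timestep, or None if the code is rejected.

    last_timestep is the last accepted timestep as stored per user; None
    models a lookup that never returns that column. Any candidate timestep
    at or before last_timestep is skipped, so a code cannot be used twice.
    """
    secret = bytes.fromhex(secret_hex)  # hex-encoded HMAC-SHA1 secret
    current = int(now) // STEP
    for ts in range(current - window, current + window + 1):
        if last_timestep is not None and ts <= last_timestep:
            continue
        if hmac.compare_digest(totp(secret, ts), submitted):
            return ts
    return None

def submit_twice(track_last_timestep: bool):
    """Submit the same valid code twice; return [first_ok, second_ok]."""
    secret_hex = b"12345678901234567890".hex()  # RFC 6238 test key
    now = 59                                    # constructed clock value
    code = totp(bytes.fromhex(secret_hex), now // STEP)
    stored = None
    results = []
    for _ in range(2):
        matched = verify(secret_hex, code, now, stored)
        results.append(matched is not None)
        if matched is not None and track_last_timestep:
            stored = matched  # what writing last_timestep back would persist
    return results

if __name__ == "__main__":
    print("with last_timestep:   ", submit_twice(True))
    print("without last_timestep:", submit_twice(False))
```

With the timestep tracked, the second submission of the same code is rejected; without it, the same code is accepted again for as long as it stays inside the window.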