[RADIATOR] Yubikey Security
Heikki Vatiainen
hvn at open.com.au
Sun Jun 10 09:38:02 CDT 2012
On 06/07/2012 05:53 PM, Heikki Vatiainen wrote:
> Thanks for letting us know of this issue. I heard this will be looked at
> soon, so expect an update in the near future.
Patches for Radiator 4.9 now have this:
2012-06-09 AuthSQLYUBIKEY.pm AuthYUBIKEYGENERIC yubikey.cfg yubikey.txt
yubikey.sql
Improvements to AuthBy SQLYUBIKEY to add support for CheckSecretId.
If CheckSecretId is set, then check that the secretId fetched from
the database matches the secretId encoded in the submitted Yubikey
OTP. This increases the security of the Yubikey OTP and is
recommended best practice. Also improved the documentation for
configuring yubikey.cfg and provided a better sample database for
use with yubikey.cfg.
The new parameter, CheckSecretId, is off by default to prevent breaking
old installations which may not have secretId in the database.
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
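
The CheckSecretId comparison described in the changelog above, as an added Python sketch that is not Radiator's own code. It assumes the OTP has already been modhex-decoded and AES-decrypted into the 16-byte token defined by the Yubikey OTP format; `check_token`, `make_plaintext` and the sample values are constructed for illustration.

```python
import hmac
import struct

CRC_OK_RESIDUAL = 0xF0B8  # CRC-16 residual over a valid 16-byte token


def crc16(data: bytes) -> int:
    """CRC-16 (ISO 13239) as used inside the Yubikey OTP token."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            lsb = crc & 1
            crc >>= 1
            if lsb:
                crc ^= 0x8408
    return crc


def check_token(plaintext: bytes, stored_secret_id: bytes,
                check_secret_id: bool) -> dict:
    """Validate a decrypted token; raise ValueError on any failure."""
    if len(plaintext) != 16:
        raise ValueError("token must be 16 bytes")
    if crc16(plaintext) != CRC_OK_RESIDUAL:
        raise ValueError("bad CRC (wrong AES key or corrupted OTP)")
    # Layout: 6-byte secretId, 2-byte use counter, 3-byte timestamp,
    # 1-byte session counter, 2 random bytes, 2-byte CRC.
    secret_id = plaintext[:6]
    counter, _ts_lo, _ts_hi, session = struct.unpack("<HHBB", plaintext[6:12])
    # The optional check: embedded secretId must equal the database value.
    if check_secret_id and not hmac.compare_digest(secret_id, stored_secret_id):
        raise ValueError("secretId mismatch")
    return {"secret_id": secret_id.hex(), "counter": counter, "session": session}


def make_plaintext(secret_id: bytes, counter: int, session: int) -> bytes:
    """Build a constructed sample token plaintext with a valid CRC."""
    body = secret_id + struct.pack("<HHBB", counter, 0x1234, 0x56, session)
    body += b"\xaa\xbb"  # constructed stand-in for the two random bytes
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)
```

With `check_secret_id` false, a token that decrypts with a valid CRC is accepted whatever secretId it carries; with it true, the same token is rejected unless the embedded secretId equals the stored one.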