[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OATH-Toolkit-help] Patch to include totp validation to the pam modu

From: Rien Broekstra
Subject: Re: [OATH-Toolkit-help] Patch to include totp validation to the pam module
Date: Wed, 06 Apr 2011 14:03:13 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9

On 4/6/2011 11:30 AM, Max Thoursie wrote:

[snip: totp pam patch]
One comment I got from Simon was that it should include an option to
disable reuse of a token in the same time window.

I didn't change that from the original, every token can be used to authenticate once, because the last succesful authentication is logged to the userfile (otp and date), and if the user-supplied otp matches the last-used otp the authentication fails

Using the moving factor for time step size was a good move, I've
should have thought of that. But why hardcode the window size when it
can be configured for HOTP?

(I only spent a couple of hours reading the source, so what I'm writing below might be inaccurate:)

Can it? Afaik, the hotp-module saves token type, name, password, seed, movingfactor, and optionally the last used otp and the timestamp of last authentication. For totp-authentication we need all of those, except for the moving factor.

Of course it would be possible to add a column to the usersfile to also specify the windowsize, but that would break compatibility of the usersfile with older versions.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]