[Freeipa-devel] [PATCH 0062] Use delete/add for OTP counter/watermark updates

Petr Vobornik pvoborni at redhat.com
Thu Sep 18 12:00:29 UTC 2014


On 15.9.2014 21:08, Nathaniel McCallum wrote:
> On Thu, 2014-08-28 at 22:54 -0400, Nathaniel McCallum wrote:
>> This prevents any local attempt at rapid token code replay. If two
>> token codes hit the system at roughly the same moment, only the
>> first write will succeed. All subsequent authentications will fail.
>>
>> This obviates the need for an OTP authentication lock.
>>
>> https://fedorahosted.org/freeipa/ticket/4493
>
> I still need a review of this. This is targeted for 4.1.
>
> Nathaniel
>


Works fine with HOTP but fails for new TOTP tokens.

A new TOTP token doesn't have a watermark attribute set, so there is
nothing to delete, and therefore the standard login procedure fails on
the writeattr call (libotp.c:223).
-- 
Petr Vobornik
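The delete/add compare-and-swap the patch relies on, and the failure Petr reports on a fresh TOTP token, as an added Python simulation (not FreeIPA's or the plugin's code; the attribute names ipatokenHOTPcounter and ipatokenTOTPwatermark are assumed to be FreeIPA's, and result codes 16 and 20 are the standard LDAP noSuchAttribute and attributeOrValueExists):

```python
# Added example, not FreeIPA code: a toy directory entry whose modify() is all-or-nothing
# and fails like an LDAP server, showing why "delete old + add new" in one modify is a
# compare-and-swap on the OTP counter/watermark, and why it fails on a fresh TOTP token.
import threading
class ModifyError(Exception): pass  # carries the LDAP result code the server would return

class Entry:
    """attrs maps attribute name -> single value; a missing key means 'not set'."""
    def __init__(self, **attrs):
        self.attrs = dict(attrs)
        self._lock = threading.Lock()  # the server serialises modifies on one entry

    def modify(self, changes):
        """changes: [(op, attr, value)], op 'delete' or 'add'; commit only if all apply."""
        with self._lock:
            working = dict(self.attrs)
            for op, attr, value in changes:
                if op == "delete":
                    if attr not in working or working[attr] != value:
                        raise ModifyError(16)  # noSuchAttribute: value is not there
                    del working[attr]
                elif op == "add":
                    if attr in working:
                        raise ModifyError(20)  # attributeOrValueExists
                    working[attr] = value
            self.attrs = working

def advance(entry, attr, seen, new):
    """Compare-and-swap: move attr from `seen` to `new` only if `seen` is still current."""
    try:
        entry.modify([("delete", attr, seen), ("add", attr, new)])
        return True
    except ModifyError:
        return False  # another writer won the race, or attr was never set

def replay_race(start=5, writers=8):
    """`writers` concurrent logins all read counter `start`; exactly one may bump it."""
    token = Entry(ipatokenHOTPcounter=start)  # attribute name as used by FreeIPA (assumed)
    results = []
    def login():
        results.append(advance(token, "ipatokenHOTPcounter", start, start + 1))
    threads = [threading.Thread(target=login) for _ in range(writers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sum(results), token.attrs["ipatokenHOTPcounter"]

def fresh_totp_login(watermark=1000):
    """A new TOTP token has no ipatokenTOTPwatermark, so the delete has nothing to remove."""
    return advance(Entry(), "ipatokenTOTPwatermark", None, watermark)
```

The first write for a token that has no watermark yet therefore needs a plain add rather than delete/add; the simulation only shows the failure, not how the plugin should handle it.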
