[Freeipa-users] OTP Algorithm

Callum Guy callum.guy at x-on.co.uk
Tue Nov 29 11:17:14 UTC 2016 

Hi Petr,

Thanks for coming back to me on this.

I have only tried using Google Authenticator. The generated QR code
successfully scans and codes are then generated on the GA device as normal.
The problem is that the codes simply do not work.

My current thinking is that the service which interprets the codes
server-side is not configured to use the same algorithm meaning that it is
trying to validate sha256/sha512 (both tested and not functional for me)
etc codes against codes perhaps generated with sha1 (the only algorithm
that appears to work).

I apologise in advance for my naive interpretation of the situation, this
really isn't an area where i have experience. I'd love to understand whats
going on however I can't find what i need in the OTP documentation.

Best Regards,

Callum


On Tue, Nov 29, 2016 at 11:10 AM Petr Vobornik <pvoborni at redhat.com> wrote:

> On 11/28/2016 01:03 PM, Callum Guy wrote:
> > Hi All,
> >
> > I wanted to ask a quick question - perhaps a more experienced user will
> be able
> > to help or point me to the correct documentation.
> >
> > Basically we have implemented password+OTP type authentication which
> works great.
> >
> > When adding a OTP code using the admin login you can choose an
> algorithm. For us
> > the generated codes only work properly if the weakest sha1 algorithm is
> chosen/
> > To be clear the code generation works fine but the codes are not valid
> when
> > logging in. Is there a related setting we must change?
> >
> > Thanks,
> >
> > Callum
> >
>
> What type of otp token do you use? Does it work with some different?
> E.g. FreeOTP vs Google Authenticator ...
>
>
> --
> Petr Vobornik
>

-- 



*0333 332 0000  |  www.x-on.co.uk <http://www.x-on.co.uk>  |   ** 
<https://twitter.com/xonuk>   
<http://www.linkedin.com/company/x-on/products>   
<https://www.facebook.com/XonTel> * 
X-on is a trading name of Storacall Technology Ltd a limited company 
registered in England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel 
Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the 
addressee(s) only. If you are not the intended recipient, please notify 
X-on immediately on +44(0)333 332 0000 and delete the
message from your computer. If you are not a named addressee you must not 
use, disclose, disseminate, distribute, copy, print or reply to this email. Views 
or opinions expressed by an individual
within this email may not necessarily reflect the views of X-on or its 
associated companies. Although X-on routinely screens for viruses, 
addressees should scan this email and any attachments
for viruses. X-on makes no representation or warranty as to the absence of 
viruses in this email or any attachments.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161129/1a78b6d6/attachment.htm>

More information about the Freeipa-users mailing list