On 9 May 2014, at 15:49, Frederic Van Espen <frederic.ve@gmail.com> wrote:
On Fri, May 9, 2014 at 3:52 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
I've fixed it in v3.0.x HEAD (which will become 3.0.3 very soon) so that it just works. If you could test it'd be very much appreciated :)
For your setup with LDAP and crypt, it'd be something like: authorize { yubikey ldap }
authenticate { Auth-Type yubikey { yubikey pap } }
Alas, does not seem to work with the configuration you suggest :-(
Git pull... I haven't fixed anything, but i've added a format marker, so it'll show where in the string it found the non modhex char. It'll only show up with -Xx because of the policy we introduced about not showing sensitive strings with -X, after a couple of accidental postings of passwords to GitHub and the list. I tested with your string and it came back fine, so i'm a little confused. Here's my output (with -Xx). Received Access-Request Id 50 from 127.0.0.1:54741 to 127.0.0.1:1812 length 91 Code: 1 Id: 50 Length: 91 Vector: d6f8b36def2807b39afba22805bd09f5 Data: 01 05 66 6f 6f 02 42 d9 dc 63 29 40 fb 89 6d 8d 9c 24 bf 8b 63 a4 dd e0 72 05 bb 58 38 ab 56 7c 40 ec d8 51 8e 98 49 cd a9 e4 4e 76 1a 53 0c 14 67 29 a2 98 c4 8d ad 1a ce 51 70 e8 bb 44 70 ed ae 8e ff c6 8d 1a 8a User-Name = 'foo' User-Password = 'testingpasswordccccccdbkebjkgfkgdrvthntvckrnifbicgrdgrldigl' Fri May 9 18:40:54 2014 : Debug: (0) # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default Fri May 9 18:40:54 2014 : Debug: (0) authorize { Fri May 9 18:40:54 2014 : Debug: (0) modsingle[authorize]: calling yubikey (rlm_yubikey) for request 0 Fri May 9 18:40:54 2014 : Debug: (0) yubikey : request:Yubikey-OTP := 'ccccccdbkebjkgfkgdrvthntvckrnifbicgrdgrldigl' Fri May 9 18:40:54 2014 : Debug: (0) yubikey : request:User-Password := 'testingpassword' Fri May 9 18:40:54 2014 : Debug: (0) modsingle[authorize]: returned from yubikey (rlm_yubikey) for request 0 Fri May 9 18:40:54 2014 : Debug: (0) [yubikey] = ok and your debug was was: Fri May 9 16:41:15 2014 : Debug: (0) yubikey : User-Password (aes-block) value contains non modhex chars Meaning it found a char outside of "cbdefghijklnrtuv" in the AES block portion, but were using the same string, so I don't see how that works. Relevant configuration files and debug output: mods-enabled/yubikey: yubikey { split = yes decrypt = no validate = yes validation { servers { } client_id = XXXXX api_key = 'OBSCURED' Hmm I'll add the << secret >> stuff to api_key as well. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2