On Sat, May 10, 2014 at 8:01 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
Good catch. Half the original auth code got the passcode from char *passcode, and the other used VALUE_PAIR *request->password *sigh*. Ok, all uses passcode now, should work.
Confirmed working fine now :)
You know you can do the decryption locally right? You don't need to use their servers. The module didn't even have support for ykclient until they grumbled about it.
You can put the shared keys in LDAP as well, you just need to figure out a place to stick the replay counters.
I do know :) I'm currently just trying to set up a small prototype, but admittedly, I haven't done all that much research yet on how to make things run locally. But I'm really going to use all this in production, that's certainly the way we'll go. Thanks a bunch for all your efforts! Frederic