freeradius and yubikeys
Frederic Van Espen
frederic.ve at gmail.com
Sat May 10 18:01:49 CEST 2014
On Sat, May 10, 2014 at 2:44 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>> I don't believe the configuration was changed, and it was working on
>> 3.0.2 with the password and token splitting done in the vhost config.
>> I'll test later today with version 3.0.2 again to confirm.
Confirmed, without even touching the rlm_yubikey config file and
simply downgrading the packages, authentication works fine. The API
key was not changed in the config files.
> Hm, fixed that one issue, doubt it would of cause a validation error though.
> The rest of the output was false positives. The server just exits without
> attempting to cleanup unless you specify -m.
That's weird. I did start it like this: valgrind --leak-check=full
/usr/sbin/freeradius -Xx -m
> I've made it a bit more strict about starting up with invalid API keys, so if
> it's getting the config from where other than where you think it is, it'll
> refuse to start.
I took a few HTTP traces to compare the difference between 3.0.2 and
3.0.3. Here's the request for 3.0.2:
48.948991 172.16.35.65 -> 22.214.171.124 HTTP 293 GET
And here's one for 3.0.3:
0.033011 172.16.35.65 -> 126.96.36.199 HTTP 264 GET
Looks like we're sending the user's password instead of the OTP :-) I
guess that should be easy to fix?
More information about the Freeradius-Users