Pull RLM_TOTP 6 digit commit in master to 3.2
Alan DeKok
aland at deployingradius.com
Wed Jun 19 12:09:44 UTC 2024
On Jun 18, 2024, at 10:12 PM, Peter Lambrechtsen via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Hash: SHA1
> Length: 6 Digits
> Time-step Size: 30 Seconds
Sure, that makes sense. I'll push a change.
> Additionally if hardware TOTP tokens are being used there is an issue where
> the time set when manufactured can get wildly out of skew as I have had
> more than one device that arrived that wasn't synced to UTC. The worst I
> have seen was a hardware token over 3 minutes behind.
>
> So if someone was looking to make changes in the module adding a per device
> hardware skew with a set number of seconds plus or minus UTC such as:
>
> TOTP-HardwareSkew = -180
>
> Or similar to set the number of seconds the particular hardware token is
> known to be out of skew.
That makes sense.
> I know patches are always welcome, but pulling the commit into 3.2 would be
> appreciated.
The rest of that commit isn't needed for v3.2, so I'll just make the length change.
> Would you like me to raise an issue on Github about this? Or update
> https://github.com/FreeRADIUS/freeradius-server/issues/4809
Sure. Add a note about time skew, which is perhaps better than increasing the time window.
Alan DeKok.
More information about the Freeradius-Users
mailing list