[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Hotp-toolkit-help] Possible bug in HOTP / support for TOTP, OCRA?
From: |
Simon Josefsson |
Subject: |
Re: [Hotp-toolkit-help] Possible bug in HOTP / support for TOTP, OCRA? |
Date: |
Mon, 27 Dec 2010 15:31:45 +0100 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux) |
Rick van Rein <address@hidden> writes:
> Hello Simon/others,
>
> Thanks for a well-done HOTP toolkit package and its proper documentation.
Hi Rick! Thank you. :-)
> I had trouble getting it started, and the reason appears to be the "-" in the
> proposed initial /etc/users.hotp file. To get the PAM module working, I had
> to
> uncomment these lines from usersfile.c:
>
> if (strcmp (p, "-") == 0 && *p != '\0')
> return HOTP_BAD_PASSWORD;
> if (strcmp (p, passwd) != 0)
> return HOTP_BAD_PASSWORD;
>
> Without it, I always got the HOTP_BAD_PASSWORD return. Looking at the code, I
> was confused why the test *p != '\0' is done after strcmp (p, "0") == 0 as it
> does not add anything? Possibly this code is mistaken?
>
> I am uncertain about the purpose of this code, and am I the only one who
> cannot
> get the PAM module going with the proposed initial /etc/users.hotp file? I
> used
> the README-proposed contents:
>
> HOTP root - 00
I am looking at this now, first to see whether I can reproduce it
locally. Indeed the strcmp if case looks a bit strange.
> Also, I'd be interested to know if plans exist to support TOTP and OCRA.
As per the other thread, my plan is to rename the project to 'OATH
Toolkit' and support TOTP/OCRA too. I'll start with renaming the
project, which is some work.. if you or anyone else wants to implement
the TOTP/OCRA part, that would be welcome!
/Simon