pquerna / mod_authn_yubikey


Version 2 API incompatibility #4

Open JackJHarris opened 5 years ago

JackJHarris commented 5 years ago

mod_authn_yubikey relies on the version 1 yubico end-point:

    const char *url_template = "%s://%s/wsapi/verify?id=%d&otp=%s";

Using the v1 api works sometimes, but now randomly reports:

Upgrade your client configuration to ensure service continuity. Read more at: https://status.yubico.com/2018/11/26/deprecating-yubicloud-v1-protocol-plain-text-requests-and-old-tls-versions/

This leads to parse errors in mod_authn_yubikey:

    [mod_authn_yubikey] Authentication failed, reason: Internal parse error

The new form is as follows:

const char *url_template = "%s://%s/wsapi/2.0/verify?id=%d&otp=%s&nonce=%s";

where nonce needs to be a 16 character number

pquerna commented 5 years ago

Yes -- there is a PR up w/ comments to fix this: https://github.com/pquerna/mod_authn_yubikey/pull/2

JackJHarris commented 5 years ago

Ah, yes -- I see, it uses a static nonce....

Setting up a build environment now to add something like this:

    const char *url_template = "%s://%s/wsapi/2.0/verify?id=%d&otp=%s&nonce=%s%s%s%s";

    /* Fragment from inside the request-building function: four 4-digit chunks are
     * concatenated by the template into a 16-character nonce. "%04d" writes four
     * digits plus a terminating NUL, so each buffer needs 5 bytes, not 4. */
    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>

    srand(time(NULL));
    char nonce1[5];
    char nonce2[5];
    char nonce3[5];
    char nonce4[5];
    snprintf(nonce1, sizeof nonce1, "%04d", rand() % 10000);
    snprintf(nonce2, sizeof nonce2, "%04d", rand() % 10000);
    snprintf(nonce3, sizeof nonce3, "%04d", rand() % 10000);
    snprintf(nonce4, sizeof nonce4, "%04d", rand() % 10000);
    asprintf(&url, url_template, cfg->validationProtocol, cfg->validationHost, client->client_id, yubikey, nonce1, nonce2, nonce3, nonce4);

Will try to make a PR tonight
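Added example (not code from mod_authn_yubikey or from this thread) showing the three pieces a v2 client needs: a nonce from a CSPRNG rather than rand(), the 2.0 verify URL built without fixed-size buffers, and a check that the server's reply echoes the nonce that was sent. It assumes a POSIX /dev/urandom (an Apache module would more likely use APR's random API) and uses a hypothetical response body constructed for the test; the protocol, host and client id values are placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NONCE_LEN 16  /* YubiCloud v2 accepts nonces of 16..40 alphanumeric chars */

/* Fill out[] with NONCE_LEN hex digits read from /dev/urandom (a CSPRNG,
 * unlike rand()); out must hold NONCE_LEN + 1 bytes. Returns 0 on success. */
int make_nonce(char *out) {
    unsigned char raw[NONCE_LEN / 2];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw) return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);   /* 2 digits + NUL */
    return 0;
}

/* Build the v2 verify URL (caller frees). A two-pass snprintf sizes the
 * buffer exactly, so there is no fixed-size array to overflow. NULL on failure. */
char *build_verify_url(const char *proto, const char *host, int client_id,
                       const char *otp, const char *nonce) {
    const char *fmt = "%s://%s/wsapi/2.0/verify?id=%d&otp=%s&nonce=%s";
    int n = snprintf(NULL, 0, fmt, proto, host, client_id, otp, nonce);
    if (n < 0) return NULL;
    char *url = malloc((size_t)n + 1);
    if (!url) return NULL;
    snprintf(url, (size_t)n + 1, fmt, proto, host, client_id, otp, nonce);
    return url;
}

/* Walk the key=value lines of a verify response and compare its nonce= to the
 * one we sent. A reply whose nonce is missing or different is not an answer to
 * our request and must be rejected even if status=OK. 1 on match, else 0. */
int response_nonce_matches(const char *body, const char *nonce) {
    const char *p = body;
    while (*p) {
        const char *eol = strpbrk(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 6 && strncmp(p, "nonce=", 6) == 0)
            return len - 6 == strlen(nonce) && memcmp(p + 6, nonce, len - 6) == 0;
        p += len;
        while (*p == '\r' || *p == '\n') p++;
    }
    return 0;
}
```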

rahulsinghidrive commented 4 years ago

@JackJHarris any update on this issue?