OTP NotBefore should use UTC time

ubccr / mokey

FreeIPA self-service account management portal

BSD 3-Clause "New" or "Revised" License

191 stars 46 forks source link

OTP NotBefore should use UTC time #124

Open fajo-de opened 1 year ago

fajo-de commented 1 year ago

When a user adds an OTP token, the application will set NotBefore on the token. If the server running MoKey 6.3 has a time zone other than UTC configured it will cause the wrong start date/time to be set in IPA.

This most probably is caused by MoKey using time.Now() instead of time.Now().UTC() when setting the start time.

fajo-de commented 1 year ago

As a workaround simply add the below to the service config /etc/default/mokey:

TZ=UTC