Discussion:
Subject: Assistance Needed with OTP Plugin Development
(too old to reply)
TheBest Rodger
2024-11-05 14:32:24 UTC
Permalink
Dear Support Team,

I hope this message finds you well. My name is Dmitry, and I am currently
developing an OTP plugin using kdctest and otp_state . I am encountering
an issue during the development process, particularly after attempting to
log in on Ubuntu via the console with sudo login [username] and entering
the password.

The functions otp_init, otp_fini, otp_flags, and otp_edata are successfully
loaded and generate messages in com_err. However, I am facing a problem
with otp_verify, which does not loaded and does not print messages..
Despite trying various approaches to resolve this, I have not been
successful.

Additionally, I have used preauth modules: test and otp. Could the issue be
related to missing or incorrect configurations in kdc.conf or krb5.conf?
Perhaps there is something additional that needs to be included or
configured beyond what I have already implemented.

Your guidance on how to overcome this challenge would be greatly
appreciated.

Thank you for your time and assistance.

Best regards,

Dmitry
Cervantes Wu (Lum)
2024-11-05 17:07:45 UTC
Permalink
Hi Dmitry,

Based on your description, I have some suggestions that may help resolve
the issue with the otp_verify function not loading or printing messages:

1. Check KDC logs for pre-authentication messages. This can provide
valuable insights into why otp_verify isn't being called or generating
messages.

2. Verify that your OTP mechanism support is properly registered with the
system. This could be a reason why otp_verify isn't loading correctly.

3. Enable more verbose logging in your KDC configuration. This can help
track the authentication flow and identify where exactly the verification
process is failing.

4. Review your kdc.conf and krb5.conf files to ensure all necessary
settings for OTP are correctly implemented.

5. Verify that your plugin_base_dir is correctly set in krb5.conf and that
preferred_preauth_types includes OTP authentication.

6. Check if the pre-authentication data is being properly sent within the
encrypted FAST pre-authentication data type of the AS-REQ. Also, verify if
the KDC is correctly obtaining the OTP value and generating the appropriate
keys.

—Cervantes
Post by TheBest Rodger
Dear Support Team,
I hope this message finds you well. My name is Dmitry, and I am currently
developing an OTP plugin using kdctest and otp_state . I am encountering
an issue during the development process, particularly after attempting to
log in on Ubuntu via the console with sudo login [username] and entering
the password.
The functions otp_init, otp_fini, otp_flags, and otp_edata are successfully
loaded and generate messages in com_err. However, I am facing a problem
with otp_verify, which does not loaded and does not print messages..
Despite trying various approaches to resolve this, I have not been
successful.
Additionally, I have used preauth modules: test and otp. Could the issue be
related to missing or incorrect configurations in kdc.conf or krb5.conf?
Perhaps there is something additional that needs to be included or
configured beyond what I have already implemented.
Your guidance on how to overcome this challenge would be greatly
appreciated.
Thank you for your time and assistance.
Best regards,
Dmitry
________________________________________________
https://mailman.mit.edu/mailman/listinfo/kerberos
[image: 4519013ebbefda0a227d3013be41931e8775d55c]
​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​
Loading...