oath-toolkit-help
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Hotp-toolkit-help] Possible bug in HOTP / support for TOTP, OCRA?

From: Rick van Rein
Subject: [Hotp-toolkit-help] Possible bug in HOTP / support for TOTP, OCRA?
Date: Thu, 16 Dec 2010 10:39:54 +0000
User-agent: Mutt/1.5.11 
Hello Simon/others,

Thanks for a well-done HOTP toolkit package and its proper documentation.

I had trouble getting it started, and the reason appears to be the "-" in the
proposed initial /etc/users.hotp file.  To get the PAM module working, I had to
uncomment these lines from usersfile.c:

          if (strcmp (p, "-") == 0 && *p != '\0')
            return HOTP_BAD_PASSWORD;
          if (strcmp (p, passwd) != 0)
            return HOTP_BAD_PASSWORD;

Without it, I always got the HOTP_BAD_PASSWORD return.  Looking at the code, I
was confused why the test *p != '\0' is done after strcmp (p, "0") == 0 as it
does not add anything?  Possibly this code is mistaken?

I am uncertain about the purpose of this code, and am I the only one who cannot
get the PAM module going with the proposed initial /etc/users.hotp file?  I used
the README-proposed contents:

HOTP root - 00


Also, I'd be interested to know if plans exist to support TOTP and OCRA.


Thanks again,

Rick van Rein
OpenFortress
reply via email to
[Prev in Thread] Current Thread [Next in Thread]