Bug 1368981
| Field | Value |
|---|---|
| Summary | ipa otptoken-add --type=hotp --key creates wrong OTP |
| Product | Red Hat Enterprise Linux 7 |
| Component | ipa |
| Version | 7.3 |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Jan Pazdziora <jpazdziora> |
| Assignee | IPA Maintainers <ipa-maint> |
| QA Contact | Kaleem <ksiddiqu> |
| Docs Contact | Aneta Šteflová Petrová <apetrova> |
| CC | dkupka, jcholast, jhrozek, jpazdziora, mkolaja, mvarun, pvoborni, rcritten, spoore |
| Target Milestone | rc |
| Keywords | Regression |
| Fixed In Version | ipa-4.4.0-9.el7 |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2016-11-04 06:01:57 UTC |

Doc Text:

Adding an IdM OTP token with a custom key works as expected

When the user executed the "ipa otptoken-add" command with the "--key" option to add a new one-time password (OTP) token, the Identity Management (IdM) command line converted the token key provided by the user incorrectly. Consequently, the OTP token created in IdM was invalid, and attempts to authenticate using the OTP token failed. This update fixes the bug, and OTP tokens created in this situation are valid.
Description
Jan Pazdziora
2016-08-22 09:30:56 UTC
Note:

```
$ echo GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ | base64 -d | base32
DBDEGGGQKUMY3U2A4JIBQRSDDDIFKGMN2NAOEUA=
```

looks like thin-client related output decoding issue.

Upstream ticket: https://fedorahosted.org/freeipa/ticket/6247

Fixed upstream

master: https://fedorahosted.org/freeipa/changeset/386fdc1d77affc897b923a58602a9f14325216c6/

Verified

ipa-server-4.4.0-12.el7.x86_64

```
[root@host108 ~]# ipa otptoken-add --type=hotp --key
Key:
Enter Key again to verify:
ipa: WARNING: QR code width is greater than that of the output tty. Please resize your terminal.
------------------
Added OTP token ""
------------------
  Unique ID: d33ea305-97b4-4837-9716-ff945a32fb5e
  Type: HOTP
  Owner: admin
  Manager: admin
  Key: MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
  Algorithm: sha1
  Digits: 6
  Counter: 0
  URI: otpauth://hotp/admin:d33ea305-97b4-4837-9716-ff945a32fb5e?digits=6&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&counter=0&algorithm=SHA1&issuer=admin%40TESTRELM.TEST
```

[QR code of the URI omitted]

```
dn: ipatokenuniqueid=d33ea305-97b4-4837-9716-ff945a32fb5e,cn=otp,dc=testrelm,dc=test
ipatokenuniqueid: d33ea305-97b4-4837-9716-ff945a32fb5e
type: HOTP
ipatokenowner: uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test
managedby: uid=admin,cn=users,cn=accounts,dc=testrelm,dc=test
ipatokenHOTPcounter: 0
ipatokenOTPalgorithm: sha1
ipatokenOTPdigits: 6
ipatokenOTPkey: MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
objectclass: ipatokenhotp
objectclass: ipatoken
objectclass: top
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html
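
A consistency check for a token like the one in the verification output, as an added example (not FreeIPA code): it confirms that the Base32 `secret` in the `otpauth://` URI and the Base64 `ipatokenOTPkey` value decode to the same bytes, computes the HOTP codes that key must produce, and reproduces the pipeline from the reporter's note. The function names are hypothetical; the URI and key values are copied from this page, and the key bytes `12345678901234567890` are the RFC 4226 test key, so the expected codes are the RFC's published test vectors.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Values copied from the verification output on this page.
URI = ("otpauth://hotp/admin:d33ea305-97b4-4837-9716-ff945a32fb5e"
       "?digits=6&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
       "&counter=0&algorithm=SHA1&issuer=admin%40TESTRELM.TEST")
LDAP_KEY_B64 = "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA="  # ipatokenOTPkey as displayed


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def secret_from_uri(uri: str) -> bytes:
    """Decode the Base32 'secret' parameter of an otpauth:// URI."""
    secret = parse_qs(urlparse(uri).query)["secret"][0]
    secret += "=" * (-len(secret) % 8)  # authenticator URIs often drop padding
    return base64.b32decode(secret, casefold=True)


def token_consistent(uri: str, ldap_key_b64: str) -> bool:
    """True when the URI secret and the stored key are the same bytes."""
    stored = base64.b64decode(ldap_key_b64)
    return hmac.compare_digest(secret_from_uri(uri), stored)


def note_pipeline(b32_text: str) -> str:
    """The note's `base64 -d | base32`: Base32 text read as if it were Base64."""
    wrong_bytes = base64.b64decode(b32_text)
    return base64.b32encode(wrong_bytes).decode("ascii")


if __name__ == "__main__":
    key = secret_from_uri(URI)
    print("URI secret matches stored key:", token_consistent(URI, LDAP_KEY_B64))
    print("HOTP for counters 0..2:", [hotp(key, c) for c in range(3)])
    print("mis-decoded secret:", note_pipeline("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"))
```

A token whose stored key fails `token_consistent` against the URI handed to the user will never accept the codes that user's authenticator generates, which is the failure described in the Doc Text.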