Authdata, preauth plugin headers

Dmitri Pal dpal at redhat.com
Mon Jun 13 13:27:28 EDT 2011


On 06/13/2011 01:06 PM, Cornelius Kölbel wrote:
> This depends on the otp backend.
> A time based otp value is valid during a time window of usually 30 or 60
> seconds.
>
> The backend can store the last used timebased counter.
> Thus the decent backend of course invalidates the otp value from this
> window, when it was used.
> I.e. the user cannot authenticate within the next 29 seconds.

This is called a high water mark. The last used interval number is in fact
stored and replicated to all other servers.

> Kind regards
> Cornelius
>
> On 13.06.2011 18:25, Russ Allbery wrote:
>> Linus Nordberg <linus at nordu.net> writes:
>>
>>> What kind of OTP systems are vulnerable to replay attacks?
>> TOTP is, isn't it?  Time-based OTP doesn't, so far as I understand it,
>> store a sequence number, so there isn't a non-time way of invalidating
>> used codes.
>>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
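The high water mark scheme described above, as an added example that is not code from this thread or from MIT Kerberos: a TOTP verifier in Python that remembers the last accepted time step and refuses any code at or below it, so a code captured in one window cannot be replayed within that window. The secret is the RFC 4226 test-vector key and the timestamps are constructed values; in a multi-server deployment the `high_water_mark` attribute is what would have to be replicated.

```python
import hmac
import hashlib
import struct

STEP_SECONDS = 30      # TOTP time step (RFC 6238 default)
DIGITS = 6
LOOKBACK_STEPS = 1     # also accept the previous step, to absorb clock drift

# Constructed demo secret (the RFC 4226 test-vector key); real secrets are per-user and random.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP_SECONDS)


class OtpBackend:
    """Verifier keeping a high water mark: the last time step successfully used."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.high_water_mark = -1   # no step accepted yet

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        for step in range(current, current - LOOKBACK_STEPS - 1, -1):
            # Steps at or below the mark are already consumed: a replayed
            # code inside the window, or an older one, is refused here.
            if step <= self.high_water_mark:
                continue
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.high_water_mark = step
                return True
        return False


def demo() -> tuple:
    """Fresh code accepted, replay in the same window refused, next step accepted,
    and a code from the previous step refused once a later step has been used."""
    backend, t = OtpBackend(SECRET), 1_300_000_000   # constructed timestamp
    first = backend.verify(totp(SECRET, t), t)
    replay = backend.verify(totp(SECRET, t), t + 10)
    later = backend.verify(totp(SECRET, t + 30), t + 30)
    stale = backend.verify(totp(SECRET, t), t + 30)
    return first, replay, later, stale
```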

