[39464] in Kerberos
Re: Subject: Assistance Needed with OTP Plugin Development
daemon@ATHENA.MIT.EDU (Cervantes Wu (Lum))
Tue Nov 5 23:51:25 2024
MIME-Version: 1.0
In-Reply-To: <CA+GHH1yKEO_C3b=yL8N2Php9s8=c9ZDh8Us1+Ej4uyBbXcOGPQ@mail.gmail.com>
From: "Cervantes Wu (Lum)" <cwlum@sloan.mit.edu>
Date: Wed, 6 Nov 2024 01:07:45 +0800
Message-ID: <CAGehGid=FDpcs_hz7mcfGVK-pu3_4cBii3VuCzEKC1F9FFyEcw@mail.gmail.com>
To: TheBest Rodger <d.kalikin2013@gmail.com>
Cc: kerberos@mit.edu
Reply-To: cwlum@mriwu.us
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Dmitry,
Based on your description, I have some suggestions that may help resolve
the issue with the otp_verify function not loading or printing messages:
1. Check KDC logs for pre-authentication messages. This can provide
valuable insights into why otp_verify isn't being called or generating
messages.
2. Verify that your OTP mechanism support is properly registered with the
system. This could be a reason why otp_verify isn't loading correctly.
3. Enable more verbose logging in your KDC configuration. This can help
track the authentication flow and identify where exactly the verification
process is failing.
4. Review your kdc.conf and krb5.conf files to ensure all necessary
settings for OTP are correctly implemented.
5. Verify that your plugin_base_dir is correctly set in krb5.conf and that
preferred_preauth_types includes OTP authentication.
6. Check if the pre-authentication data is being properly sent within the
encrypted FAST pre-authentication data type of the AS-REQ. Also, verify if
the KDC is correctly obtaining the OTP value and generating the appropriate
keys.
—Cervantes
On Tue, Nov 5, 2024 at 11:24 PM TheBest Rodger <d.kalikin2013@gmail.com>
wrote:
> Dear Support Team,
>
> I hope this message finds you well. My name is Dmitry, and I am currently
> developing an OTP plugin using kdctest and otp_state . I am encountering
> an issue during the development process, particularly after attempting to
> log in on Ubuntu via the console with sudo login [username] and entering
> the password.
>
> The functions otp_init, otp_fini, otp_flags, and otp_edata are successfully
> loaded and generate messages in com_err. However, I am facing a problem
> with otp_verify, which does not loaded and does not print messages..
> Despite trying various approaches to resolve this, I have not been
> successful.
>
> Additionally, I have used preauth modules: test and otp. Could the issue be
> related to missing or incorrect configurations in kdc.conf or krb5.conf?
> Perhaps there is something additional that needs to be included or
> configured beyond what I have already implemented.
>
> Your guidance on how to overcome this challenge would be greatly
> appreciated.
>
> Thank you for your time and assistance.
>
> Best regards,
>
> Dmitry
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
[image: 4519013ebbefda0a227d3013be41931e8775d55c]
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
