On 15.9.2014 21:08, Nathaniel McCallum wrote:
> On Thu, 2014-08-28 at 22:54 -0400, Nathaniel McCallum wrote:
>> This prevents any local attempt at rapid token code replay. If two
>> token codes hit the system at roughly the same moment, only the
>> first write will succeed. All subsequent authentications will fail.
>> This obviates the need for an OTP authentication lock.
>
> I still need a review of this. This is targeted for 4.1.

Works fine with HOTP but fails for new TOTP tokens.
A new TOTP token doesn't have a watermark attribute set, so there is
nothing to delete and therefore the standard login procedure fails on
the writeattr call (libotp.c:223).
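
The behaviour discussed in this thread, as an added example that is not code from the patch or from FreeIPA: a small in-memory model of a "delete the old watermark value, add the new one" write, showing that the first of two racing writers wins and that the same write fails when the token has no watermark yet. The struct, the result names and both functions are hypothetical, and `advance_tolerant` is an assumed way of handling the missing attribute, not the fix adopted by the project.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical result names for this model, not real LDAP codes. */
enum { WM_OK = 0, WM_NO_SUCH_VALUE, WM_ALREADY_SET };

/* Constructed stand-in for a token entry with a single-valued watermark. */
struct token { bool has_wm; long wm; };

/* One atomic modify: optional "delete old value", then "add new value". */
static int modify(struct token *t, const long *del, long add)
{
    if (del && (!t->has_wm || t->wm != *del))
        return WM_NO_SUCH_VALUE;   /* the value to delete is not present */
    if (!del && t->has_wm)
        return WM_ALREADY_SET;     /* add-only onto an existing single value */
    t->has_wm = true;
    t->wm = add;
    return WM_OK;
}

/* Strict: always delete the value that was read, as in the failure report. */
int advance_strict(struct token *t, bool seen, long old, long step)
{
    (void)seen;                    /* ignored: the delete is always sent */
    return modify(t, &old, step);
}

/* Tolerant (assumption): send no delete when no watermark was read. */
int advance_tolerant(struct token *t, bool seen, long old, long step)
{
    return modify(t, seen ? &old : NULL, step);
}

int main(void)
{
    struct token used = { true, 100 };   /* constructed: token used before */
    struct token fresh = { false, 0 };   /* constructed: new TOTP token */

    /* Two requests read watermark 100 and present the same code (step 101). */
    printf("first writer:  %d\n", advance_strict(&used, true, 100, 101));
    printf("second writer: %d\n", advance_strict(&used, true, 100, 101));

    /* New token: nothing to delete, so the strict write fails. */
    printf("fresh strict:   %d\n", advance_strict(&fresh, false, 0, 7));
    printf("fresh tolerant: %d\n", advance_tolerant(&fresh, false, 0, 7));
    printf("fresh replay:   %d\n", advance_tolerant(&fresh, false, 0, 7));
    return 0;
}
```
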