On Tue, 2018-12-04 at 09:43 +0100, Florence Blanc-Renaud via FreeIPA-users wrote:
> On 12/3/18 6:10 PM, Brian Topping via FreeIPA-users wrote:
> > Hi all, I have a question about TOTP authenticators (Google Authenticator, 
> > Authy, FreeOTP):
> > 
> > Why is it that a given URL/QRCode can load into all three authenticators, 
> > but all three give different OTP values at any given time and only FreeOTP 
> > actually works?
> 
> Hi,
> 
> TOTP values are generated using the current time to ensure their 
> uniqueness. I didn't have any issue when using Google Authenticator and 
> FreeOTP, but you need to make sure that the clocks are in sync when 
> using TOTP.

Keep in mind that a hardware (or even software) token may have clock
drifting issues. These are handled by the server via token re-sync.
It is best to have clocks in sync, but if the clock doesn't jump wildly
the server should be able to handle clock differences with, at most, a
re-sync.

Simo.

> > 
> > When I run `ipa otp-sync` with values from Authy, it crashes:
> > 
> > ```
> > [root@ns-0 /]# ipa otptoken-sync 752f744e-1879-4499-a9c5-8932f739d26a
> > User ID: player1
> > Password:
> > First Code:
> > Second Code:
> > ipa: ERROR: non-public: AttributeError: 'NoneType' object has no attribute 'name'
> > Traceback (most recent call last):
> >   File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 139, in execute
> >     result = self.Command[_name](*args, **options)
> >   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
> >     return self.__do_call(*args, **options)
> >   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
> >     ret = self.run(*args, **options)
> >   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1199, in run
> >     return self.forward(*args, **options)
> >   File "/usr/lib/python2.7/site-packages/ipaclient/plugins/otptoken.py", line 168, in forward
> >     query['token'] = DN((obj.primary_key.name, args[0]),
> > AttributeError: 'NoneType' object has no attribute 'name'
> > ipa: ERROR: an internal error has occurred
> > ```
> > 
> 
> I could consistently reproduce the AttributeError exception. Could you 
> please open a ticket on pagure for this issue 
> (https://pagure.io/freeipa/new_issue)?
> 
> flo
> 
> 
> > Thanks kindly for any leads on this!
> > 
> > Brian
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: 
> > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> > 
> 

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
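
The re-sync described in the message above, as an added example that is not part of the original thread and is not FreeIPA's server code: an RFC 6238 TOTP generator plus a re-sync routine that takes two consecutive codes (as the `ipa otptoken-sync` prompt does) and recovers the token's clock offset. The function names, the 20-step search window and the 30-second step are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (assumed; the RFC 6238 default)


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: float, **kw) -> str:
    """RFC 6238: HOTP keyed on the number of elapsed time steps."""
    return hotp(key, int(unix_time) // STEP, **kw)


def resync(key, first, second, server_time, window=20, **kw):
    """Return the token's drift in time steps, or None if nothing matches.

    Two *consecutive* codes are required so that one guessed or replayed
    code cannot move the stored offset. `window` bounds how far the
    server is willing to search (hypothetical value).
    """
    base = int(server_time) // STEP
    # Try the smallest drift first: 0, -1, +1, -2, +2, ...
    for drift in sorted(range(-window, window + 1), key=abs):
        c = base + drift
        if (hmac.compare_digest(hotp(key, c, **kw), first)
                and hmac.compare_digest(hotp(key, c + 1, **kw), second)):
            return drift
    return None


def verify(key, code, server_time, drift=0, skew=1, **kw):
    """Accept a code within +/- `skew` steps of the drift-corrected time."""
    base = int(server_time) // STEP + drift
    return any(hmac.compare_digest(hotp(key, base + d, **kw), code)
               for d in range(-skew, skew + 1))
```

A token whose clock has drifted further than the normal skew tolerance fails `verify` until `resync` has stored its offset; a drift beyond the search window is not recovered at all, which is the "clock jumps wildly" case.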
