[ 
https://issues.apache.org/jira/browse/GUACAMOLE-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Couchman updated GUACAMOLE-819:
------------------------------------
    Fix Version/s: 1.3.0

> Documented Duo secret key length is incorrect
> ---------------------------------------------
>
>                 Key: GUACAMOLE-819
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-819
>             Project: Guacamole
>          Issue Type: Bug
>          Components: Documentation
>            Reporter: Stephen Jenkins
>            Assignee: Nick Couchman
>            Priority: Trivial
>             Fix For: 1.3.0
>
>
> The length of the Duo secret key is documented within the Guacamole manual as 
> exactly 20 characters. This is incorrect. The _integration_ key is exactly 20 
> characters, but the secret key is 40 characters.
> This can be seen in the definition and usage of the constants in 
> [Duo's {{DuoWeb}} class|https://github.com/duosecurity/duo_java/blob/de98f6cece74a3097fb6018417084ea4d069dbf2/DuoWeb/src/main/java/com/duosecurity/duoweb/DuoWeb.java]:
> {code:java}
> public final class DuoWeb {
>     ...
>     private static final int IKEY_LEN = 20;
>     private static final int SKEY_LEN = 40;
>     private static final int AKEY_LEN = 40;
>     ...
>     public static String signRequest(final String ikey, final String skey, final String akey, final String username, final long time) {
>         ...
>         if (ikey.equals("") || ikey.length() != IKEY_LEN) {
>             return ERR_IKEY;
>         }
>         if (skey.equals("") || skey.length() != SKEY_LEN) {
>             return ERR_SKEY;
>         }
>         if (akey.equals("") || akey.length() < AKEY_LEN) {
>             return ERR_AKEY;
>         }
>         ...
> {code}
> Note that the lengths of the various keys are not actually enforced by the 
> guacamole-auth-duo extension, so while the manual is incorrect, the extension 
> should still function as long as correct key values are provided.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
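
A preflight check for the point made in the issue, as an added example (not code from Guacamole or Duo): because guacamole-auth-duo does not enforce key lengths, this script checks the text of a guacamole.properties file against the lengths in the quoted DuoWeb constants. The property names are assumed from the guacamole-auth-duo documentation, the parser handles only simple `name: value` and `name = value` lines, and the sample configuration is constructed.

```python
import re

# Lengths taken from the DuoWeb constants quoted in the issue.
IKEY_LEN, SKEY_LEN, AKEY_MIN_LEN = 20, 40, 40

# Assumption: property names as used by the guacamole-auth-duo extension.
IKEY_PROP = "duo-integration-key"
SKEY_PROP = "duo-secret-key"
AKEY_PROP = "duo-application-key"

def parse_properties(text):
    """Parse simple 'name: value' or 'name = value' lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = re.match(r"([^:=\s]+)\s*[:=]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_duo_keys(props):
    """Return findings as strings; reports lengths only, never key material."""
    ikey = props.get(IKEY_PROP, "")
    skey = props.get(SKEY_PROP, "")
    akey = props.get(AKEY_PROP, "")
    findings = []
    if len(ikey) != IKEY_LEN:
        findings.append(f"{IKEY_PROP}: length {len(ikey)}, expected exactly {IKEY_LEN}")
    if len(skey) != SKEY_LEN:
        findings.append(f"{SKEY_PROP}: length {len(skey)}, expected exactly {SKEY_LEN}")
    if len(akey) < AKEY_MIN_LEN:
        findings.append(f"{AKEY_PROP}: length {len(akey)}, expected at least {AKEY_MIN_LEN}")
    # A 40-character integration key with a 20-character secret key is the
    # signature of the two values having been pasted into each other's slot.
    if len(ikey) == SKEY_LEN and len(skey) == IKEY_LEN:
        findings.append("integration and secret keys appear to be swapped")
    return findings

# Constructed sample: a secret key truncated to the 20 characters the manual stated.
SAMPLE = "\n".join([
    "# constructed example values, not real credentials",
    f"{IKEY_PROP}: {'I' * 20}",
    f"{SKEY_PROP}: {'S' * 20}",
    f"{AKEY_PROP} = {'A' * 40}",
])

if __name__ == "__main__":
    for finding in check_duo_keys(parse_properties(SAMPLE)):
        print(finding)
```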