#4493 Create a plugin that would lock an entry during an authentication
Closed: Fixed None Opened 9 years ago by dpal.

To prevent replay attacks against a single server in the OTP case, the user entry should be "virtually locked" between the beginning of the authentication request and the moment the counts and HWM are updated, to prevent parallel modification of these fields for the tokens assigned to the users.

This is a part of the OTP feature.
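The race described in this ticket, as an added example that is not part of the ticket or of FreeIPA's code: two parallel requests replay the same HOTP code against one token, first with the check and the counter writeback as separate steps, then with both done under a per-entry lock. The `Token` class, its method names and the in-process lock standing in for the entry lock are assumptions made for illustration; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import threading

KEY = b"12345678901234567890"  # RFC 4226 test secret, constructed sample data

def hotp(key, counter, digits=6):  # RFC 4226 HOTP value for one counter
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:  # hypothetical stand-in for a user's token entry
    def __init__(self, key, window=3):
        self.key, self.counter, self.window = key, 0, window
        self.lock = threading.Lock()

    def _match(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.key, c), code):
                return c
        return None

    def verify_unlocked(self, code, gate):
        c = self._match(code)   # check against the stored counter
        gate.wait()             # every request finishes its check first
        if c is None:
            return False
        self.counter = c + 1    # writeback lands after the other check
        return True

    def verify_locked(self, code):
        with self.lock:         # check and writeback are one atomic step
            c = self._match(code)
            if c is None:
                return False
            self.counter = c + 1
            return True

def accepted(verify, code, n=2):
    """Submit the same code from n parallel requests; count acceptances."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(verify(code)))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

The `gate` argument is a `threading.Barrier` sized to the number of requests; it only makes the interleaving deterministic so the unlocked path fails the same way on every run.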


IMO, this is a duplicate of #4441.

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=919228 (Red Hat Enterprise Linux 7)

Patch 0068 pushed:

master:

  • 915837c Move OTP synchronization step to after counter writeback

ipa-4-1:

  • 98debb7 Move OTP synchronization step to after counter writeback

master:

  • 41bf0ba Create ipa-otp-counter 389DS plugin

ipa-4-1:

  • 2f8dc3b Create ipa-otp-counter 389DS plugin

Metadata Update from @dpal:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1

7 years ago
