Copy:
kerberos@mit.edu
Hi Dmitry,
Based on your description, I have some suggestions that may help resolve
the issue with the otp_verify function not loading or printing messages:
1. Check KDC logs for pre-authentication messages. This can provide
valuable insights into why otp_verify isn't being called or generating messages.
2. Verify that your OTP mechanism support is properly registered with the system. This could be a reason why otp_verify isn't loading correctly.
3. Enable more verbose logging in your KDC configuration. This can help
track the authentication flow and identify where exactly the verification process is failing.
4. Review your kdc.conf and krb5.conf files to ensure all necessary
settings for OTP are correctly implemented.
5. Verify that your plugin_base_dir is correctly set in krb5.conf and that preferred_preauth_types includes OTP authentication.
6. Check if the pre-authentication data is being properly sent within the encrypted FAST pre-authentication data type of the AS-REQ. Also, verify if
the KDC is correctly obtaining the OTP value and generating the appropriate keys.
—Cervantes
On Tue, Nov 5, 2024 at 11:24 PM TheBest Rodger <
d.kalikin2013@gmail.com> wrote:
Dear Support Team,
I hope this message finds you well. My name is Dmitry, and I am currently developing an OTP plugin using kdctest and otp_state . I am encountering
an issue during the development process, particularly after attempting to
log in on Ubuntu via the console with sudo login [username] and entering
the password.
The functions otp_init, otp_fini, otp_flags, and otp_edata are successfully loaded and generate messages in com_err. However, I am facing a problem
with otp_verify, which does not loaded and does not print messages..
Despite trying various approaches to resolve this, I have not been successful.
Additionally, I have used preauth modules: test and otp. Could the issue be related to missing or incorrect configurations in kdc.conf or krb5.conf? Perhaps there is something additional that needs to be included or
configured beyond what I have already implemented.
Your guidance on how to overcome this challenge would be greatly
appreciated.
Thank you for your time and assistance.
Best regards,
Dmitry
________________________________________________
Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
[image: 4519013ebbefda0a227d3013be41931e8775d55c]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)