add totp-time-offset
authorAlan T. DeKok <aland@freeradius.org>
Wed, 19 Jun 2024 12:37:54 +0000 (08:37 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 19 Jun 2024 12:37:54 +0000 (08:37 -0400)
document it and use it

raddb/mods-available/totp
share/dictionary.freeradius.internal
src/modules/rlm_totp/rlm_totp.c

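--- a/raddb/mods-available/totp
+++ b/raddb/mods-available/totp
 #
 #  and then run that locally to get an image.
 #
+#
+#  Some tokens get severely out of sync with local time.  It is
+#  possible to offset the definition of "now" for one token by setting:
+#
+#      &control:TOTP-Time-Offset := 120
+#
+#  This is a signed integer, with allowed values between -600 to +600.
+#  The offset is added to to the current time, to get the tokens idea
+#  of "now".
+#
 totp {
        #
        #  Default time step between time changes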
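--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -303,6 +303,8 @@ VALUE       Proxy-Tunneled-Request-As-EAP   No                      0
 VALUE  Proxy-Tunneled-Request-As-EAP   Yes                     1
 ATTRIBUTE      Temp-Home-Server-String                 1198    string
 
+ATTRIBUTE      TOTP-Time-Offset                        1199    signed
+
 #
 #      Range:  1200-1279
 #              EAP-SIM (and other EAP type) weirdness.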
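--- a/src/modules/rlm_totp/rlm_totp.c
+++ b/src/modules/rlm_totp/rlm_totp.c
@@ -508,6 +508,12 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
                keylen = len;
        }
 
+       vp = fr_pair_find_by_num(request->config, PW_TOTP_TIME_OFFSET, 0, TAG_ANY);
+       if (vp && (vp->vp_signed > -600) && (vp->vp_signed < 600)) {
+               RDEBUG("Using TOTP-Time-Offset = %d", vp->vp_signed);
+               now += vp->vp_signed;
+       }
+
        if (totp_cmp(request, now, key, keylen, password->vp_strvalue, instance) == 0) {
                /*
                 *      Forbid using a key more than once.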
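Review bot: The range check on the second added line rejects exactly -600 and +600, while the comment added to raddb/mods-available/totp in the same commit says the allowed values are "between -600 to +600"; make the two agree, e.g. `if (vp && (vp->vp_signed >= -600) && (vp->vp_signed <= 600)) {`, and define the bound once as a named constant rather than repeating 600 (the config comment also has "added to to" and "tokens idea" to fix). An out-of-range offset is silently dropped, which hides a policy mistake from the admin, so add `else if (vp) RWDEBUG("Ignoring out of range TOTP-Time-Offset %d", vp->vp_signed);` after the block. Because the offset enlarges the set of codes accepted for this request, a short comment above the lookup should state that the value is taken from the control list and is expected to be set by local policy, not copied from a request attribute. mod_authenticate starts and ends outside the hunk.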