Update yukikey sample module to refelect nested attribute names
authorNick Porter <nick@portercomputing.co.uk>
Tue, 9 Jan 2024 10:58:15 +0000 (10:58 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 9 Jan 2024 10:58:15 +0000 (10:58 +0000)
raddb/mods-available/yubikey

index f63d2322ebaaa7794ee229173484c8900c810c89..48da2a890a8239958ba23034850a6d599ccff322 100644 (file)
@@ -32,7 +32,7 @@ yubikey {
        #  value of `User-Password`, into the user's password, and the OTP token.
        #
        #  NOTE: If enabled and successful, the value of `&request.User-Password` will be
-       #  truncated and `&request.Yubikey-OTP` will be added.
+       #  truncated and `&request.Vendor-Specific.Yubicon.Yubikey-OTP` will be added.
        #
 #      split = yes
 
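Review bot: The vendor component in the attribute path on the added line is spelled `Yubicon`, whereas the vendor name is normally written `Yubico`. The dictionary is not visible in this diff, but if it defines the vendor as `Yubico`, the documented name `&request.Vendor-Specific.Yubicon.Yubikey-OTP` will not resolve when an administrator copies it into policy. Please confirm against the dictionary and, if so, write `&request.Vendor-Specific.Yubico.Yubikey-OTP`. The same spelling appears in every renamed attribute in the second hunk: the `control` table, the three `request` tables and the `Yubikey-Counter` NOTE.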
@@ -65,56 +65,56 @@ yubikey {
        #
        #  [options="header,autowidth"]
        #  |===
-       #  | Attributes                 | Description
-       #  | `&control.Yubikey-Key`     | The AES key used to decrypt the OTP data.
-       #                                 The `Yubikey-Public-Id` and/or User-Name
-       #                                 attributes may be used to retrieve the key.
-       #                                 The value is a `16-byte` binary blob.
-       #  | `&control.Yubikey-Counter` | This is compared with the counter in the OTP
-       #                                 data and used to prevent replay attacks.
-       #                                 This attribute will also be available in
-       #                                 the request list after successful decryption.
+       #  | Attributes                                         | Description
+       #  | `&control.Vendor-Specific.Yubicon.Yubikey-Key`     | The AES key used to decrypt the OTP data.
+       #                                                         The `Yubikey-Public-Id` and/or User-Name
+       #                                                         attributes may be used to retrieve the key.
+       #                                                         The value is a `16-byte` binary blob.
+       #  | `&control.Vendor-Specific.Yubicon.Yubikey-Counter` | This is compared with the counter in the OTP
+       #                                                         data and used to prevent replay attacks.
+       #                                                         This attribute will also be available in
+       #                                                         the request list after successful decryption.
        #  |===
        #
-       #  NOTE: `Yubikey-Counter` isn't strictly required, but the server will generate
+       #  NOTE: `Vendor-Specific.Yubicon.Yubikey-Counter` isn't strictly required, but the server will generate
        #  warnings if it's not present when `yubikey.authenticate` is called.
        #
        #  These attributes are available after `authorization`:
        #
        #  [options="header,autowidth"]
        #  |===
-       #  | Attributes                   | Description
-       #  | `&request.Yubikey-Public-ID` | The public portion of the OTP string.
-       #                                   The value is a `id_len` modhex string.
+       #  | Attributes                                           | Description
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-Public-ID` | The public portion of the OTP string.
+       #                                                           The value is a `id_len` modhex string.
        #  |===
        #
        #  and additionally if 'split' is set:
        #
        #  [options="header,autowidth"]
        #  |===
-       #  | Attributes             | Description
-       #  | `&request.Yubikey-OTP` | The OTP portion of `User-Password`.
+       #  | Attributes                                     | Description
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-OTP` | The OTP portion of `User-Password`.
        #  |===
        #
        #  These attributes are available after authentication (if successful):
        #
        #  [options="header,autowidth"]
        #  |===
-       #  | Attributes                    | Description
-       #  | `&request.Yubikey-Private-ID` | The encrypted ID included in OTP data,
-       #                                    should be verified for increased security.
-       #                                    The value is a `6-byte` binary blob.
-       #  | `&request.Yubikey-Counter`    | The last counter value (should be recorded).
-       #                                    The value is a concatenation of the 16-bit
-       #                                    session count & `8-bit` use count which form a
-       #                                    `24-bit` monotonically strictly increasing
-       #                                    integer (until the individual count ceilings
-       #                                    are hit)
-       #  | `&request.Yubikey-Timestamp`  | Token's internal clock (mainly useful for debugging).
-       #                                    The value is a 24-bit increasing `integer @ 8 Hz`
-       #                                    with rollover which is randomly initialized each session.
-       #  | `&request.Yubikey-Random`     | Randomly generated value from the token.
-       #                                    The value is a 16-bit integer.
+       #  | Attributes                                            | Description
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-Private-ID` | The encrypted ID included in OTP data,
+       #                                                            should be verified for increased security.
+       #                                                            The value is a `6-byte` binary blob.
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-Counter`    | The last counter value (should be recorded).
+       #                                                            The value is a concatenation of the 16-bit
+       #                                                            session count & `8-bit` use count which form a
+       #                                                            `24-bit` monotonically strictly increasing
+       #                                                            integer (until the individual count ceilings
+       #                                                            are hit)
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-Timestamp`  | Token's internal clock (mainly useful for debugging).
+       #                                                            The value is a 24-bit increasing `integer @ 8 Hz`
+       #                                                            with rollover which is randomly initialized each session.
+       #  | `&request.Vendor-Specific.Yubicon.Yubikey-Random`     | Randomly generated value from the token.
+       #                                                            The value is a 16-bit integer.
        #  |===
        #
        decrypt = no
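Review bot: The description cell for the key attribute still refers to `Yubikey-Public-Id` by its old flat name, and with different capitalisation from the `Yubikey-Public-ID` row in the `authorization` table, so the rename is incomplete there. That cell should use the same nested `&request.Vendor-Specific...Yubikey-Public-ID` path as the table row, so readers can look up the key with a name that actually exists. Separately, the NOTE on the counter says only that warnings are generated when it is absent. Since the table describes the counter as what prevents replay, the NOTE should state the consequence, for example `#  Without it a previously used OTP may not be rejected as a replay.` The check itself lives outside this file, so confirm the behaviour before wording it as fact.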