From: Nick Porter
Date: Tue, 9 Jan 2024 10:58:15 +0000 (+0000)
Subject: Update yukikey sample module to refelect nested attribute names
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f51b380b5cf00efb239c404b9b9da1fe749547ba;p=thirdparty%2Ffreeradius-server.git
Update yukikey sample module to refelect nested attribute names
---
diff --git a/raddb/mods-available/yubikey b/raddb/mods-available/yubikey
index f63d2322eba..48da2a890a8 100644
--- a/raddb/mods-available/yubikey
+++ b/raddb/mods-available/yubikey
@@ -32,7 +32,7 @@ yubikey {
 # value of `User-Password`, into the user's password, and the OTP token.
 #
 # NOTE: If enabled and successful, the value of `&request.User-Password` will be
- # truncated and `&request.Yubikey-OTP` will be added.
+ # truncated and `&request.Vendor-Specific.Yubicon.Yubikey-OTP` will be added.
 #
 # split = yes
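Review bot: The vendor component in the new name on the added line, `&request.Vendor-Specific.Yubicon.Yubikey-OTP`, is spelled `Yubicon`, which looks like a slip for the vendor name Yubico; the same spelling is used in every renamed attribute in the second hunk. If the dictionary defines the vendor as `Yubico` (worth confirming against the vendor dictionary), names copied from this sample into policy would probably not resolve, and for `Yubikey-Counter` that is the control attribute the text says is used to prevent replay attacks. If so, the name here should read `&request.Vendor-Specific.Yubico.Yubikey-OTP`, with the table entries changed to match.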
@@ -65,56 +65,56 @@ yubikey {
 #
 # [options="header,autowidth"]
 # |===
- # | Attributes | Description
- # | `&control.Yubikey-Key` | The AES key used to decrypt the OTP data.
- # The `Yubikey-Public-Id` and/or User-Name
- # attributes may be used to retrieve the key.
- # The value is a `16-byte` binary blob.
- # | `&control.Yubikey-Counter` | This is compared with the counter in the OTP
- # data and used to prevent replay attacks.
- # This attribute will also be available in
- # the request list after successful decryption.
+ # | Attributes | Description
+ # | `&control.Vendor-Specific.Yubicon.Yubikey-Key` | The AES key used to decrypt the OTP data.
+ # The `Yubikey-Public-Id` and/or User-Name
+ # attributes may be used to retrieve the key.
+ # The value is a `16-byte` binary blob.
+ # | `&control.Vendor-Specific.Yubicon.Yubikey-Counter` | This is compared with the counter in the OTP
+ # data and used to prevent replay attacks.
+ # This attribute will also be available in
+ # the request list after successful decryption.
 # |===
 #
- # NOTE: `Yubikey-Counter` isn't strictly required, but the server will generate
+ # NOTE: `Vendor-Specific.Yubicon.Yubikey-Counter` isn't strictly required, but the server will generate
 # warnings if it's not present when `yubikey.authenticate` is called.
 #
 # These attributes are available after `authorization`:
 #
 # [options="header,autowidth"]
 # |===
- # | Attributes | Description
- # | `&request.Yubikey-Public-ID` | The public portion of the OTP string.
- # The value is a `id_len` modhex string.
+ # | Attributes | Description
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-Public-ID` | The public portion of the OTP string.
+ # The value is a `id_len` modhex string.
 # |===
 #
 # and additionally if 'split' is set:
 #
 # [options="header,autowidth"]
 # |===
- # | Attributes | Description
- # | `&request.Yubikey-OTP` | The OTP portion of `User-Password`.
+ # | Attributes | Description
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-OTP` | The OTP portion of `User-Password`.
 # |===
 #
 # These attributes are available after authentication (if successful):
 #
 # [options="header,autowidth"]
 # |===
- # | Attributes | Description
- # | `&request.Yubikey-Private-ID` | The encrypted ID included in OTP data,
- # should be verified for increased security.
- # The value is a `6-byte` binary blob.
- # | `&request.Yubikey-Counter` | The last counter value (should be recorded).
- # The value is a concatenation of the 16-bit
- # session count & `8-bit` use count which form a
- # `24-bit` monotonically strictly increasing
- # integer (until the individual count ceilings
- # are hit)
- # | `&request.Yubikey-Timestamp` | Token's internal clock (mainly useful for debugging).
- # The value is a 24-bit increasing `integer @ 8 Hz`
- # with rollover which is randomly initialized each session.
- # | `&request.Yubikey-Random` | Randomly generated value from the token.
- # The value is a 16-bit integer.
+ # | Attributes | Description
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-Private-ID` | The encrypted ID included in OTP data,
+ # should be verified for increased security.
+ # The value is a `6-byte` binary blob.
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-Counter` | The last counter value (should be recorded).
+ # The value is a concatenation of the 16-bit
+ # session count & `8-bit` use count which form a
+ # `24-bit` monotonically strictly increasing
+ # integer (until the individual count ceilings
+ # are hit)
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-Timestamp` | Token's internal clock (mainly useful for debugging).
+ # The value is a 24-bit increasing `integer @ 8 Hz`
+ # with rollover which is randomly initialized each session.
+ # | `&request.Vendor-Specific.Yubicon.Yubikey-Random` | Randomly generated value from the token.
+ # The value is a 16-bit integer.
 # |===
 #
 decrypt = no
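Review bot: In the `Yubikey-Key` row of the first table, the re-added description line still refers to `Yubikey-Public-Id` without the nested prefix, and with different capitalisation from the `Yubikey-Public-ID` entry in the authorization table. That is the attribute the text says may be used to retrieve the AES key, so a reader following the sample cannot tell which list or name to use in the key lookup. The cross-reference should use the same fully qualified `&request.…Yubikey-Public-ID` name as the authorization table row, so the key-retrieval and counter-check policy written from this sample uses one consistent set of names.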