#4493 Create a plugin that would lock an entry during an authentication
Closed: Fixed None Opened 10 years ago by dpal.

To prevent the replay attacks against a single server in OTP case the user entry should be "virtually locked" between the beginning of the authentication request and the moment the counts and HWM are updated to prevent parallel modification of theses fields for the tokens assigned to the users.

This is a part of the OTP feature.


IMO, this is a duplicate of #4441.

Patch 0068 pushed:

master:

  • 915837c Move OTP synchronization step to after counter writeback

ipa-4-1:

  • 98debb7 Move OTP synchronization step to after counter writeback

master:

  • 41bf0ba Create ipa-otp-counter 389DS plugin

ipa-4-1:

  • 2f8dc3b Create ipa-otp-counter 389DS plugin

Metadata Update from @dpal:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1

7 years ago

Log in to comment on this ticket.

Metadata