You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/05/01 12:27:00 UTC
[jira] [Updated] (GUACAMOLE-819) Documented Duo secret key length
is incorrect
[ https://issues.apache.org/jira/browse/GUACAMOLE-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman updated GUACAMOLE-819:
------------------------------------
Fix Version/s: 1.3.0
> Documented Duo secret key length is incorrect
> ---------------------------------------------
>
> Key: GUACAMOLE-819
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-819
> Project: Guacamole
> Issue Type: Bug
> Components: Documentation
> Reporter: Stephen Jenkins
> Assignee: Nick Couchman
> Priority: Trivial
> Fix For: 1.3.0
>
>
> The length of the Duo secret key is documented within the Guacamole manual as exactly 20 characters. This is incorrect. The _integration_ key is exactly 20 characters, but the secret key is 40 characters.
> This can be seen in the definition and usage of the constants in [Duo's {{DuoWeb}} class|https://github.com/duosecurity/duo_java/blob/de98f6cece74a3097fb6018417084ea4d069dbf2/DuoWeb/src/main/java/com/duosecurity/duoweb/DuoWeb.java]:
> {code:java}
> public final class DuoWeb {
> ...
> private static final int IKEY_LEN = 20;
> private static final int SKEY_LEN = 40;
> private static final int AKEY_LEN = 40;
> ...
> public static String signRequest(final String ikey, final String skey, final String akey, final String username, final long time) {
> ...
> if (ikey.equals("") || ikey.length() != IKEY_LEN) {
> return ERR_IKEY;
> }
> if (skey.equals("") || skey.length() != SKEY_LEN) {
> return ERR_SKEY;
> }
> if (akey.equals("") || akey.length() < AKEY_LEN) {
> return ERR_AKEY;
> }
> ...
> {code}
> Note that the lengths of the various keys are not actually enforced by the guacamole-auth-duo extension, so while the manual is incorrect, the extension should still function as long as correct key values are provided.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)