Posted to issues@guacamole.apache.org by "Stefan (Jira)" <ji...@apache.org> on 2020/04/29 11:24:00 UTC

[jira] [Updated] (GUACAMOLE-1056) Add support for tracking the time drift between guacamole and TOTP-tokens

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan updated GUACAMOLE-1056:
------------------------------
    Description: 
Tokens/display cards which generate codes directly on the device have an internal clock. According to our investigations, a time drift of 2 seconds per week seems to be in a common range. At some point the time drift of these tokens is too high, so the TOTP extension rejects the generated codes. Because it is not possible to correct this in an easy way, we will add tracking of this time drift.

We added a new attribute for storing the value of the time drift next to the TOTP key. The module will accept 3 codes: one previous, one on time and one in the future. Depending on the accepted code, the value will be decremented (previous), incremented (future) or left unchanged (on time). The new value will be used to compensate for the time drift on the next login.

The changed code will follow in the next days.

  was:
Tokens/display cards which generate codes directly on the device have an internal clock. According to our investigations, a time drift of 2 seconds per week seems to be in a common range. At some point the time drift of these tokens is too high, so the TOTP extension rejects the generated codes. Because it is not possible to correct this in an easy way, we will add tracking of this time drift.

We added a new attribute for storing the value of the time drift next to the TOTP key. The module will accept 3 codes: one previous, one on time and one in the future. Depending on the accepted code, the value will be decremented (previous), incremented (future) or left unchanged (on time).

The changed code will follow in the next days.


> Add support for tracking the time drift between guacamole and TOTP-tokens
> -------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1056
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1056
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-totp
>            Reporter: Stefan
>            Priority: Major
>
> Tokens/display cards which generate codes directly on the device have an internal clock. According to our investigations, a time drift of 2 seconds per week seems to be in a common range. At some point the time drift of these tokens is too high, so the TOTP extension rejects the generated codes. Because it is not possible to correct this in an easy way, we will add tracking of this time drift.
> We added a new attribute for storing the value of the time drift next to the TOTP key. The module will accept 3 codes: one previous, one on time and one in the future. Depending on the accepted code, the value will be decremented (previous), incremented (future) or left unchanged (on time). The new value will be used to compensate for the time drift on the next login.
> The changed code will follow in the next days.
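
The drift tracking described in this issue, sketched as an added example; it is not the reporter's patch and not guacamole-auth-totp code. It compares a verifier that stores the drift with one that only accepts the fixed three-code window, on a constructed token whose clock keeps falling behind. Assumptions: the drift is stored in whole 30-second time steps, and the class name, the `max_drift` cap and the replay check on the last accepted step are hypothetical additions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class DriftTrackingVerifier:
    """Hypothetical verifier keeping a per-user drift value next to the key."""

    def __init__(self, key, track=True, max_drift=10):
        self.key, self.track = key, track
        self.drift = 0              # assumption: counted in whole time steps
        self.max_drift = max_drift  # assumption: cap so the window cannot wander
        self.last_counter = -1      # last accepted step, blocks code replay

    def verify(self, code, now):
        center = int(now) // STEP + self.drift
        # On time, previous, future -> drift unchanged, decremented, incremented.
        for adjust in (0, -1, 1):
            counter = center + adjust
            if counter <= self.last_counter or abs(self.drift + adjust) > self.max_drift:
                continue
            if hmac.compare_digest(hotp(self.key, counter), code):
                if self.track:
                    self.drift += adjust  # compensates on the next login
                self.last_counter = counter
                return True
        return False

def simulate(track):
    """Constructed scenario: the token clock lags 20 s more at every login."""
    key = b"12345678901234567890"  # RFC 4226 test key, not a real secret
    verifier = DriftTrackingVerifier(key, track=track)
    results = []
    for login in range(1, 7):
        server_now = 1_600_000_000 + login * 3600
        code = hotp(key, (server_now - 20 * login) // STEP)  # token's view of time
        results.append((verifier.verify(code, server_now), verifier.drift))
    return results

if __name__ == "__main__":
    print("tracking:", simulate(True))
    print("fixed window:", simulate(False))
```

Each entry is (accepted, stored drift after the attempt): with tracking every login is accepted while the stored value follows the token, and without it the token is rejected from the third login on.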


