Am Sat, 7 Nov 2015 20:53:38 +0100 schrieb Dieter Klünter dieter@dkluenter.de:
Am Sat, 7 Nov 2015 14:33:22 +0100 schrieb Michael Ströder michael@stroeder.com:
Dieter Klünter wrote:
- added credentials by ldappasswd userPassword::
e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09
I have not really tried the module myself yet but I note that the key is actually 21 bytes long (see below). Shouldn't that be 20 bytes?
Ciao, Michael.
Python 2.7.10 (default, May 24 2015, 14:46:10) [GCC] on linux2
'e1RPVFAxfU5CVUVJNktFSk1ZRENOQlRHSTJUTVFLQ0lOQ0E9PT09'.decode('base64')
'{TOTP1}NBUEI6KEJMYDCNBTGI2TMQKCINCA===='
s='NBUEI6KEJMYDCNBTGI2TMQKCINCA===='.decode('base64') len(s)
21
The TOTP1 string is base32 encoded, not base64. With regard to length, this might be a bug in google Authenticator, as it would not accept a credential string shorter than mine.
Just for the records: the pw-totp has not a bug. The so called SMART devices are not smart at all. I expected them to convert user password to a base32 string, which they don't. To produce a totp numberstring, the valid base32 string has to be entered to the smart device application. I have successfully tested it with google authenticator, Sophos authenticator and FreeOTP.
-Dieter