Thank you Michael for this knowledge. I get the idea of scratch codes, but how typical user of CAS may use them ?
Let's I've lost my phone with Google Authenticator but I remember my credentials and I've got scratch codes generated by CAS GAuth plugin. How can i use them now, when CAS asks me for a GAuth token ? W dniu czwartek, 15 marca 2018 14:59:57 UTC+1 użytkownik Michael O Holstein napisał: > > Forgot the salient bit. > > > The user it's typically like a lottery ticket, but need not be. You say > "provide the code for #56 on your card" and they run their finger down the > list and type that in. When they get to ~85% of the numbers you mail them a > new card. You can also do it electronically but that kind of defeats the > point. Lots of companies make these, just google "OTP scratch card" > > > -Mike. > ------------------------------ > *From:* Michael O Holstein > *Sent:* Thursday, March 15, 2018 9:57:17 AM > *To:* CAS Community > *Subject:* Re: [cas-user] Google Authenticator - scratch codes > > > Mathematically .. think salted hash of list of known values. output is on > the card .. you compare the values you have against what they gave you and > see if it matches. The salt is unique per card. You buy them in bulk and > you get a list of serial numbers = card ID .. usually there's QR so you can > do it somewhat easily via your crediantialing office (make someone else do > that BS, it's big numbers). > > > In Cas it's like any other plugin. The value of the current card and salt > is stored in (somewhere) and identifiable by (something) like the DN. It > looks up both, just like how the others work. IIRC you can also do it via > API but that's a bad dependency if it's not you running it, and why bother > if it's you. > > > Michael Holstein CISSP > > Cleveland State University > ------------------------------ > *From:* [email protected] <javascript:> <[email protected] <javascript:>> > on behalf of Janina Byky <[email protected] <javascript:>> > *Sent:* Thursday, March 15, 2018 9:44:29 AM > *To:* CAS Community > *Subject:* [cas-user] Google Authenticator - scratch codes > > Hello CAS users, > > I've worked out CAS + GAuth + mongodb, but I don't know how does the > scratch codes work in terms of CAS? How user can use them ? > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/c000a5a2-a3d2-40e2-ac19-27f521f3155f%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c000a5a2-a3d2-40e2-ac19-27f521f3155f%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1eb609f1-fc79-4f4b-929c-aeb7fe0939dc%40apereo.org.
