Hi, On Wednesday 27 April 2011 11:25:55 pm Linuxchuck wrote: > On 04/05/2011 03:44 PM, Heikki Vatiainen wrote: > > On 04/04/2011 07:44 PM, Linuxchuck wrote: > >> Time for a DigiPass token question. I have a box of 125 brand-new > >> DigiPass Go-7 tokens that I have imported into our production > >> Radiator server, and they work just fine. My question is: Is the > >> static password change procedure as outlined in the documentation > >> applicable to Go-7 tokens? The doc states "Go-1 and Go-3 tokens > >> (among others) also support the ability to change your PIN.". Would > >> the Go-7 be one of those that are "among others"? > > > > We do not have any Go-7 cards here, but we expect consistent behaviour > > with other tokens. However, support of PINs is dependent on that option > > being enabled in the card's import record (ie by Vasco), and the PIN > > options that might be configured there. > > > > You should check the import records for these tokens. > > > >> If so, I seem to have run into a snag trying the process. The trace > >> 4 log shows an error of "DEBUG: Radius::AuthSQLDIGIPASS REJECT: > >> Digipass Authentication failed: Response Too Long" when I attempt a > >> PIN reset based on the documentation. > > > > Please let us and the list know if you get PIN change to work. > > > > Thanks! > > No success on PIN changes with this series of token. I have 2 different > EXPORT.DPX files I can choose from: One without PINs, and one with > pre-defined PINs. Regardless of which of the two files I import into our > system, I get the same result as listed above when attempting to use the > PIN change procedure. It's a shame, we have 125 of these tokens, and I'd > love to be able to use them, but our policies require that the PINs must be > reset when the tokens are re-issued. I suppose I can mark the tokens for > single-issue only, and ensure they aren't re-issued after. > > > If there is a way to decode the options in the DPX files to determine which > entry defines the ability to change PINs, I'll check my files to see if it > exists.
I dont know if you can do it by inspection of the DPX file, but if you use the digipass.pl program part of our Authen-Digipass to import then 'info' the token it will tell you whether PIN is enabled or not. Cheers. > > Fortunately, we primarily use eToken NG-OTP 64k, eToken PASS, and a couple > of software-based OTP tokens on mobile phones. Those are all plenty > flexible for our needs. That reminds me of another question, but I'll > start another post for it. > > Thanks! > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
