[ejabberd] Problems with external authentication, administrative web interface, and one time passwords

James Davis james.davis at ja.net
Wed Feb 6 14:07:29 MSK 2013



I'm running ejabberd 2.1.5 on Debian/squeeze and authenticating
against a SecurID through its radius interface.

My users and I are able to log in using the one time codes that their
RSA tokens are generating. All great so far.

The problems start when we try to access the web interface. It appears
that ejabberd wants to perform multiple authentications during the
logon process. Since the RSA codes are only valid for one use, the
first radius authentication succeeds but the subsequent radius
authentications fail and ejabberd fails to authenticate me and allow
access.

Any ideas as to what's happening here? I'm not familiar with the code
and why the software wants to submit the radius credentials multiple
times.

Thanks,

James

-- 
James Davis                0300 999 2340 (+44 1235 822340)
Senior CSIRT Member	
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238


