Home
last modified time | relevance | path

Searched +full:user +full:- +full:otp (Results 1 – 25 of 159) sorted by relevance

1234567

/freebsd/crypto/krb5/doc/admin/
H A Dotp.rst3 OTP Preauthentication
6 OTP is a preauthentication mechanism for Kerberos 5 which uses One
7 Time Passwords (OTP) to authenticate the client to the KDC. The OTP
8 is passed to the KDC over an encrypted FAST channel in clear-text.
9 The KDC uses the password along with per-user configuration to proxy
10 the request to a third-party RADIUS system. This enables
11 out-of-the-box compatibility with a large number of already widely
14 Additionally, our implementation of the OTP system allows for the
21 --------------------
26 [otp]
[all …]
H A Dauth_indicator.rst8 such as :ref:`PKINIT <pkinit>` or :ref:`OTP <otp_preauth>`. These
13 administrator; there are no pre-set values.
15 To use authentication indicators with PKINIT or OTP, first configure
18 :ref:`kdc.conf(5)`. For OTP, use the **indicator** variable in the
19 token type definition, or specify the indicators in the **otp** user
38 Password for user/admin@KRBTEST.COM:
40 A user who authenticates with PKINIT would be able to obtain a ticket
43 $ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user
47 but a user who authenticates with a password would not::
49 $ kinit user
[all …]
/freebsd/crypto/krb5/doc/html/_sources/admin/
H A Dotp.rst.txt3 OTP Preauthentication
6 OTP is a preauthentication mechanism for Kerberos 5 which uses One
7 Time Passwords (OTP) to authenticate the client to the KDC. The OTP
8 is passed to the KDC over an encrypted FAST channel in clear-text.
9 The KDC uses the password along with per-user configuration to proxy
10 the request to a third-party RADIUS system. This enables
11 out-of-the-box compatibility with a large number of already widely
14 Additionally, our implementation of the OTP system allows for the
21 --------------------
26 [otp]
[all …]
H A Dauth_indicator.rst.txt8 such as :ref:`PKINIT <pkinit>` or :ref:`OTP <otp_preauth>`. These
13 administrator; there are no pre-set values.
15 To use authentication indicators with PKINIT or OTP, first configure
18 :ref:`kdc.conf(5)`. For OTP, use the **indicator** variable in the
19 token type definition, or specify the indicators in the **otp** user
38 Password for user/admin@KRBTEST.COM:
40 A user who authenticates with PKINIT would be able to obtain a ticket
43 $ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user
47 but a user who authenticates with a password would not::
49 $ kinit user
[all …]
/freebsd/sys/contrib/device-tree/Bindings/mtd/
H A Dmtd.yaml1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
10 - Miquel Raynal <miquel.raynal@bootlin.com>
11 - Richard Weinberger <richard@nod.at>
21 User-defined MTD device name. Can be used to assign user friendly
26 '#address-cells':
29 '#size-cells':
36 - compatible
39 "@[0-9a-f]+$":
[all …]
H A Dnand-macronix.txt2 -----------------------------------
4 Macronix NANDs support randomizer operation for scrambling user data,
11 For more high-reliability concern, if subpage write is not available
17 - randomizer enable: should be "mxic,enable-randomizer-otp"
21 nand: nand-controller@unit-address {
25 mxic,enable-randomizer-otp;
/freebsd/crypto/krb5/src/tests/
H A Dt_otp.py25 # This script tests OTP, both UDP and Unix Sockets, with a variety of
28 # test how OTP handles the case of short daemon restarts.
39 skip_rest('OTP tests', 'Python pyrad module not found')
43 skip_rest('OTP tests', 'Python version 2.6 required')
48 ATTRIBUTE User-Name 1 string
49 ATTRIBUTE User-Password 2 octets
50 ATTRIBUTE Service-Type 6 integer
51 ATTRIBUTE NAS-Identifier 32 string
86 if key == 'User-Password':
88 elif key == 'User-Name':
[all …]
/freebsd/crypto/heimdal/appl/ftp/ftpd/
H A Dftpd.850 .Op Fl Fl gss-bindings
51 .Op Fl I | Fl Fl no-insecure-oob
53 .Op Fl B | Fl Fl builtin-ls
54 .Op Fl Fl good-chars= Ns Ar string
68 .Bl -tag -width Ds
76 .Bl -tag -width plain
78 Allow logging in with plaintext password. The password can be a(n) OTP
80 .It Ar otp
83 but only OTP is allowed.
89 .Bl -tag -width plain
[all …]
H A Dftpd.c78 int pdata = -1; /* for passive mode */
97 #define AUTH_OTP (1 << 1) /* passwords are one-time */
128 if (cnt == (off_t)-1) \
156 if (getcwd(path, sizeof(path)-1) == NULL) in curdir()
178 if(strcmp(p, "user") == 0) in parse_auth_level()
180 #ifdef OTP in parse_auth_level()
181 else if(strcmp(p, "otp") == 0) in parse_auth_level()
192 warnx("bad value for -a: `%s'", p); in parse_auth_level()
207 int use_builtin_ls = -1;
212 static const char *good_chars = "+-=_,.";
[all …]
/freebsd/crypto/krb5/doc/html/admin/
H A Dauth_indicator.html6 <meta charset="utf-8" />
7 …<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" con…
13 …<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"><…
24 <div class="header-wrapper">
42 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Authentication indicators">feedback</a>
47 <div class="content-wrapper">
55 <section id="authentication-indicators">
56 <span id="auth-indicator"></span><h1>Authentication indicators<a class="headerlink" href="#authenti…
59 …span class="std std-ref">PKINIT</span></a> or <a class="reference internal" href="otp.html#otp-pre…
64 administrator; there are no pre-set values.</p>
[all …]
H A Dotp.html6 <meta charset="utf-8" />
7 …<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" con…
9 <title>OTP Preauthentication &#8212; MIT Kerberos Documentation</title>
13 …<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"><…
24 <div class="header-wrapper">
42 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__OTP Preauthentication">feedback</a>
47 <div class="content-wrapper">
55 <section id="otp-preauthentication">
56 <span id="otp-preauth"></span><h1>OTP Preauthentication<a class="headerlink" href="#otp-preauthenti…
57 <p>OTP is a preauthentication mechanism for Kerberos 5 which uses One
[all …]
H A Dindex.html6 <meta charset="utf-8" />
7 …<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" con…
13 …<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"><…
22 <link rel="prev" title="sclient" href="../user/user_commands/sclient.html" />
24 <div class="header-wrapper">
34 <a href="../user/user_commands/sclient.html" title="sclient"
42 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For administrators">feedback</a>
47 <div class="content-wrapper">
55 <section id="for-administrators">
56 <h1>For administrators<a class="headerlink" href="#for-administrators" title="Permalink to this hea…
[all …]
H A Ddictionary.html6 <meta charset="utf-8" />
7 …<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" con…
13 …<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"><…
24 <div class="header-wrapper">
42 …<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Addressing dictionary attack risks">feedb…
47 <div class="content-wrapper">
55 <section id="addressing-dictionary-attack-risks">
56 …sing dictionary attack risks<a class="headerlink" href="#addressing-dictionary-attack-risks" title…
58 principal’s long-term key, which for users is generally derived from a
59 password. Using a pasword-derived long-term key carries the risk of a
[all …]
/freebsd/crypto/heimdal/appl/login/
H A Dlogin.18 .Nd authenticate a user and start new session
28 If you are already logged in, but want to change to another user, you
40 the user will be logged in without further questions.
45 passwords are supported. OTP will be used if the the user is
49 .Fl a Li otp .
50 When using OTP, a challenge is shown to the user.
53 .Bl -tag -width Ds
57 .Dq otp .
59 Indicates that the user is already authenticated. This happens, for
60 instance, when login is started by telnetd, and the user has proved
[all …]
/freebsd/contrib/wpa/wpa_supplicant/doc/docbook/
H A Dwpa_cli.sgml1 <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
21 <arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
22 <arg>-g <replaceable>path to global ctrl_interface socket</replaceable></arg>
23 <arg>-i <replaceable>ifname</replaceable></arg>
24 <arg>-hvB</arg>
25 <arg>-a <replaceable>action file</replaceable></arg>
26 <arg>-P <replaceable>pid file</replaceable></arg>
27 <arg>-G <replaceable>ping interval</replaceable></arg>
35 <para>wpa_cli is a text-based frontend program for interacting
37 configuration, trigger events, and request interactive user
[all …]
/freebsd/usr.sbin/wpa/wpa_cli/
H A Dwpa_cli.81 .\"-
2 .\" SPDX-License-Identifier: BSD-2-Clause
48 is a text-based frontend program for interacting with
54 request interactive user input.
77 one-time passwords or generic token card
79 challenge-response that uses an external device for generating the
103 non-root user access by using the
111 with a normal user account.
124 .Dq Li CTRL-REQ- Ns Ao Ar type Ac Ns Li - Ns Ao Ar id Ac : Ns Aq Ar text
130 .Li OTP
[all …]
/freebsd/contrib/wpa/wpa_supplicant/
H A DREADME4 Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi> and contributors
16 -------
32 3. Neither the name(s) of the above-listed copyright holder(s) nor the
51 --------
54 - WPA-PSK ("WPA-Personal")
55 - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
58 * EAP-TLS
59 * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
60 * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
61 * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
[all …]
H A Deap_testing.txt5 - Linked some parts of IEEE 802.1X Authenticator implementation from
6 hostapd (RADIUS client and RADIUS processing, EAP<->RADIUS
8 - Replaced wpa_supplicant.c and wpa.c with test code that trigger
11 - For EAP methods that generate keying material, the key derived by the
17 this take a bit more time.. ;-) As an extra bonus, this can also be
23 address) and I will need to get suitable user name/password pairs,
35 -) server did not support
38 Cisco ACS ----------------------------------------------------------.
39 hostapd --------------------------------------------------------. |
40 Cisco Aironet 1200 AP (local RADIUS server) ----------------. | |
[all …]
/freebsd/sys/contrib/device-tree/Bindings/nvmem/
H A Dmicrochip,lan9662-otpc.yaml1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/microchip,lan9662-otpc.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: Microchip LAN9662 OTP Controller (OTPC)
10 - Horatiu Vultur <horatiu.vultur@microchip.com>
13 OTP controller drives a NVMEM memory where system specific data
15 user specific data could be stored.
18 - $ref: nvmem.yaml#
23 - items:
[all …]
H A Dmicrochip,sama7g5-otpc.yaml1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/microchip,sama7g5-otpc.yaml#
5 $schema: http://devicetree.org/meta-schema
[all...]
/freebsd/crypto/krb5/src/plugins/preauth/otp/
H A Dotp_state.c1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* plugins/preauth/otp/otp_state.c - Verify OTP token values using RADIUS */
33 #include <k5-json.h>
95 com_err("otp", retval, "Unable to resolve secret file '%s'", filename); in read_secret_file()
102 com_err("otp", retval, "Unable to open secret file '%s'", filename); in read_secret_file()
110 com_err("otp", retval, "Unable to read secret file '%s'", filename); in read_secret_file()
119 for (j = strlen(buf); j > i; j--) { in read_secret_file()
120 if (!isspace(buf[j - 1])) in read_secret_file()
124 *secret = k5memdup0(&buf[i], j - i, &retval); in read_secret_file()
138 free(type->name); in token_type_free()
[all …]
H A Dmain.c1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* plugins/preauth/otp/main.c - OTP kdcpreauth module definition */
31 #include "k5-int.h"
32 #include "k5-json.h"
61 retval = alloc_data(&plaintext, req->enc_data.ciphertext.length); in decrypt_encdata()
66 NULL, &req->enc_data, &plaintext); in decrypt_encdata()
68 com_err("otp", retval, "Unable to decrypt encData in PA-OTP-REQUEST"); in decrypt_encdata()
85 if (armor_key == NULL || nonce->data == NULL) { in nonce_verify()
90 /* Decode the PA-OTP-ENC-REQUEST structure. */ in nonce_verify()
96 if (er->length != armor_key->length + sizeof(krb5_timestamp)) in nonce_verify()
[all …]
/freebsd/contrib/wpa/src/eap_peer/
H A Deap_config.h3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
13 * struct eap_peer_cert_config - EAP peer certificate configuration/credential
17 * ca_cert - File path to CA certificate file (PEM/DER)
22 * always be configured when using EAP-TLS/TTLS/PEAP. Full path to the
30 * server certificate (SHA-256 hash of the DER encoded X.509
41 * Note that when running wpa_supplicant as an application, the user
42 * certificate store (My user account) is used, whereas computer store
48 * ca_path - Directory path for CA certificate files (PEM)
59 * client_cert - File path to client certificate file (PEM/DER)
62 * Usually, this is only configured for EAP-TLS, even though this could
[all …]
/freebsd/sys/contrib/device-tree/Bindings/nvmem/layouts/
H A Dkontron,sl28-vpd.yaml1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/layouts/kontron,sl28-vpd.yaml#
5 $schema: http://devicetree.org/meta-schemas/core.yaml#
7 title: NVMEM layout of the Kontron SMARC-sAL28 vital product data
10 - Michael Walle <michael@walle.cc>
15 on-board ethernet devices are derived from this base MAC address by
22 const: kontron,sl28-vpd
24 serial-number:
30 base-mac-address:
[all …]
H A Donie,tlv-layout.yaml1 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
3 ---
4 $id: http://devicetree.org/schemas/nvmem/layouts/onie,tlv-layout.yaml#
5 $schema: http://devicetree.org/meta-schema
[all...]

1234567