Yubico Forum
https://forum.yubico.com/

Password length too long?
https://forum.yubico.com/viewtopic.php?f=8&t=471
Page 1 of 1

Author:  adam [ Tue Jan 26, 2010 11:19 am ]
Post subject:  Password length too long?

Hi,

I'm trying to setup a VPN with yubikey according to this howto: http://code.google.com/p/yubico-pam/wik ... nVPNviaPAM

And in principle it works fine, i.e. as long as I don't use the OpenVPN supplied GUI. As soon as I do that it seems the not the whole PASSWORD + OTP string gets transmitted. It seems only 48 or 49 characters get transmitted. Do you know of any constraints in this regard? Without a GUI Yubikey can't be used by our customer.

I believe that the problem is the windows password entry field because when I tried PAP (with pptp, freeradius, pam, yubico on the server side) I had the same problem. Shortening the password helps, btw :(.

cu, Adam.

Author:  network-marvels [ Thu Jan 28, 2010 7:02 am ]
Post subject:  Re: Password length too long?

We would appreciate if you can provide us the following information:

    1) Details of the operating system where you have installed the OpenVPN and FreeRADIUS server
    2) OpenVPN server and Windows GUI client version
    3) FreeRADIUS server version
    4) Windows operating system details where you have installed OpenVPN GUI client

Author:  adam [ Mon Feb 01, 2010 4:37 pm ]
Post subject:  Re: Password length too long?

Hi, sorry for the late reply. The details are as follows.

The server is Debian GNU/Linux 5.0:
  • uname -a: Linux <IP> 2.6.26-2-amd64 #1 SMP Thu Nov 5 02:23:12 UTC 2009 x86_64 GNU/Linux
  • freeradius: 2.0.4+dfsg-6
  • openvpn: 2.1~rc11-1

The client is WindowsXP:
  • Windows XP Professional Version 2002 SP 3
  • OpenVPN(with GUI): 2.1.1

Author:  Andrew_Aust [ Mon May 30, 2011 2:18 pm ]
Post subject:  Re: Password length too long?

I have the same issue - was there a solution? (I know this is an old topic, but, someone...?)

I am trying to use RADIUS at my VPN Server to authenticate to ROPII.
That is, my setup: Client(Win7VPN)----> VPN_ROUTER(VYATTA)--->RADIUS SERVER (ROPII)

I am using the Windows 7 VPN client, and using L2TP with IPSEC. The IPSEC link is connecting, securing my connection. I have the L2TP Authentication mode set to use PAP, and am sending Username@domain.com in the Username field, and password+OTP in the password field.

Via the ROPII logs, I can see that the request is being received by the ROPII server, but the OTP is being truncated - max length of password+OTP is exactly 48 characters - any additional characters are not being received, and hence, the OTP validation is failing.

I have the ROPII machine correctly validating the OTP's when sent to it via a pGina login, but I am trying to set it up so that I can incorporate the OTP into the VPN connection, and remove the need for pGina. I am using Ipsec/L2TP so that IPSEC encrypts the transmission first, so I can use PAP to send the passwords in clear text (so that the OTP is not altered in transmission) without compromising my security.

It is all working, except that, because the OTP is being truncated, I cannot succeed in having the OTP validated by ROPII.

Does anyone know what it is that is truncating my password+OTP to 48 characters? Is it the MSWindows VPN client? The RADIUS protocol? ROPII (surely not!) ?

I suspect the client, however I can find no documentation suggesting a limit on password length, and Adam, (who started this post) has (had?) the same issue with OpenVPN - so, maybe the client is innocent after all?

I am this close to a great solution, and this truncation issue is infuriating... :evil:

Author:  Andrew_Aust [ Tue Jun 07, 2011 11:31 am ]
Post subject:  Re: Password length too long?

Ok, I have checked this with Microsoft, and can confirm that the VPN client is the problem.
They advise that the VPN client accepts a maximum of 48 characters, and this cannot be extended.
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/b71b1d1e-f54c-4481-b27c-63063bcad022

This is rather disappointing. :x

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/