Feature request: Initial pincode

Hi Cornelius,

I want to suggest a feature request, the software we use at the moment
(RSA) has the ability to assign a token with an initial pincode.
After the user uses this pincode for the first time to login/authenticate
to our frontend he will be asked to change this to his own value.
This makes assigning tokens for other people possible, can you look into
this?

Thanks

I added an issue
https://github.com/privacyidea/privacyidea/issues/429

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d5243197-6d8b-4f6e-8c2e-554ab48126cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel


This is because there is no PIN handler at the moment:

(click and follow the previous link)
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#policy-pinhandling

The randomly created PIN is passed to the PINhandler.
The basic pinhandler simply logs the pin to the log file.
You may implement whichever pin handler you need (like sending the
email)

Implementing an SMTP Pin Handler based on the new centrally defined smtp
servers should not be a big issue. Of course you may also order this
development at your preferred open source service provider. :wink:

privacyIDEA can not cover 100% of all possible scenarios. But it is
flexible enough to do the basics. And you may understand that my time to
enrich the world with no-cost code is also limited.

Kind regards
Cornelius

On Monday, 20.06.2016, 01:19 -0700, jmdeking wrote:

Sorry but it's not clear how this works exactly when reading the
document.

I applied the otp_pin_random option and assigned a token to a user
without setting a pin. But the user doesn't receive an email or anything
so not sure how to know what the random code is.

Gr.
Johan

On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
The 2nd is already possible.
http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random

    On Monday, 20.06.2016, 01:07 -0700, jmdeking wrote:
    > Thanks Cornelius,
    >
    > Looks good. Just to clarify my use case is the following:
    >
    > An administrator assigns a challenge response token (email or sms)
    > with a pincode. But this pincode should not be known to the
    > administrator cause it's personal so in my view one of the following 2
    > things can be done about this.
    >
    > 1. My users log in to their citrix desktop using Citrix Netscaler with
    > Radius request to the privacyidea server. The privacyidea server
    > detects the 'initial' pincode is used and asks for a challenge
    > response to change the pin to its own value.
    > 2. When an administrator assigns a token he can leave the pin field
    > empty for the system to generate a random pin that is being sent
    > automatically using the chosen token method. (email or SMS)
    >
    > You think this is possible?

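The handler mechanism described in the reply above, as an added example that is not part of the thread or of privacyIDEA's code: the basic handler that writes the PIN to the log, next to one that mails it to the token owner and logs only the event, plus a check that a policy value names a handler class. It assumes the `pinhandling` value is the dotted path of a handler class; the class and function names, the `send()` signature, the injected `transport` callable and the sample addresses are hypothetical.

```python
import importlib
import logging
import re
import secrets
from email.message import EmailMessage

log = logging.getLogger("pinhandling_example")
CLASS_PATH = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)+", re.ASCII)


class PinHandler:
    """Stand-in for the basic handler the thread describes: it logs the PIN."""

    def send(self, pin, serial, recipient):
        log.info("PIN for token %s of %s is %s", serial, recipient, pin)
        return True


class MailPinHandler(PinHandler):
    """Hypothetical handler: mails the PIN to the owner, never logs it."""

    def __init__(self, transport, sender="privacyidea@example.com"):
        self.transport = transport  # callable that takes an EmailMessage
        self.sender = sender

    def send(self, pin, serial, recipient):
        if not recipient or "@" not in recipient:
            # Fail closed: without an address the PIN is not delivered.
            log.warning("token %s: no mail address, PIN not delivered", serial)
            return False
        msg = EmailMessage()
        msg["From"] = self.sender
        msg["To"] = recipient
        msg["Subject"] = f"Initial PIN for token {serial}"
        msg.set_content(f"The initial PIN for token {serial} is: {pin}\n")
        self.transport(msg)
        log.info("token %s: initial PIN mailed to %s", serial, recipient)
        return True


def random_pin(length=6):
    """Numeric PIN from the OS CSPRNG; the administrator never chooses it."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def resolve_handler(value):
    """Turn a policy value into a handler class, rejecting free text."""
    if not isinstance(value, str) or not CLASS_PATH.fullmatch(value):
        raise ValueError(f"{value!r} is not a dotted class path")
    module_name, _, class_name = value.rpartition(".")
    try:
        cls = getattr(importlib.import_module(module_name), class_name, None)
    except ImportError as exc:
        raise ValueError(f"cannot import {module_name!r}") from exc
    if not (isinstance(cls, type) and issubclass(cls, PinHandler)):
        raise ValueError(f"{value!r} does not name a PinHandler class")
    return cls


def enroll(handler, serial, recipient, pin_length=6):
    """Assign a token without an admin-set PIN; pass the PIN to the handler."""
    pin = random_pin(pin_length)
    return pin, handler.send(pin, serial, recipient)


def demo():
    """Run both handlers on constructed data and report what reached the log."""
    lines, outbox = [], []

    class Capture(logging.Handler):
        def emit(self, record):
            lines.append(record.getMessage())

    capture = Capture()
    log.addHandler(capture)
    log.setLevel(logging.INFO)
    log.propagate = False
    try:
        weak_pin, _ = enroll(PinHandler(), "EMAIL0001", "user@example.com")
        weak_leak = any(weak_pin in line for line in lines)
        del lines[:]
        pin, ok = enroll(MailPinHandler(outbox.append), "EMAIL0002",
                         "user@example.com", pin_length=8)
        mail_leak = any(pin in line for line in lines)
        _, no_addr = enroll(MailPinHandler(outbox.append), "EMAIL0003", "")
    finally:
        log.removeHandler(capture)
    return {"weak_leak": weak_leak, "mail_leak": mail_leak, "delivered": ok,
            "no_address": no_addr, "outbox": outbox, "pin": pin}


if __name__ == "__main__":
    print(demo())
```

In production the `transport` would wrap a real SMTP connection; `resolve_handler("send pin")` raises `ValueError` because the value is free text, not a class path.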
Now when enabling pinhandling and setting the value to “send pin” I get the
error Item in ``from list'' not a string

Sorry but it's not clear how this works exactly when reading the document.

I applied the otp_pin_random option and assigned a token to a user without
setting a pin. But the user doesn't receive an email or anything so not sure
how to know what the random code is.

Gr.
Johan

I understand Cornelius, thanks for the github feature enhancement. I hope
you get the time to implement that.

Gr.
Johan

Hi Johan,

have you tried entering “do_what_i_mean”? :wink:

…sorry - could not resist this…

Kind regards
CorneliusAm Montag, den 20.06.2016, 01:30 -0700 schrieb jmdeking:

Now when enabling pinhandling and setting the value to “send pin” i
get the error Item in ``from list’’ not a string

On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
Sorry but its not clear how this works exactly when reading
the document.

    I apply'd the  otp_pin_random option and assigned a token to a
    user without setting a pin. But the user doesnt receive a
    email or anything so not sure how to know what the random code
    is.
    
    
    Gr.
    Johan
    
    On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
            The 2nd is already possible. 
            http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random 
            
            

Thanks Cornelius,

Looks good. Just to clarify, my use case is the following:

An administrator assigns a challenge response token (email or SMS) with a
pincode. But this pincode should not be known to the administrator because
it's personal, so in my view one of the following 2 things can be done about
this.

  1. My users log in to their Citrix desktop using Citrix Netscaler with
    a RADIUS request to the privacyidea server. The privacyidea server detects
    that the 'initial' pincode is used and asks for a challenge response to change
    the pin to its own value.
  2. When an administrator assigns a token he can leave the pin field empty
    for the system to generate a random pin that is sent automatically
    using the chosen token method (email or SMS).

You think this is possible?

On Sunday, June 19, 2016 at 11:02:16 AM UTC+2, Cornelius Kölbel wrote:

I added an issue
PIN change · Issue #429 · privacyidea/privacyidea · GitHub


The 2nd is already possible.
7.5. Enrollment policies — privacyIDEA 3.8 documentation

On Monday, 20.06.2016, 01:07 -0700, jmdeking wrote:

Thanks Cornelius,

Looks good. Just to clarify, my use case is the following:

An administrator assigns a challenge response token (email or SMS)
with a pincode. But this pincode should not be known to the
administrator because it's personal, so in my view one of the following 2
things can be done about this.

  1. My users log in to their Citrix desktop using Citrix Netscaler with
    a RADIUS request to the privacyidea server. The privacyidea server
    detects that the 'initial' pincode is used and asks for a challenge
    response to change the pin to its own value.
  2. When an administrator assigns a token he can leave the pin field
    empty for the system to generate a random pin that is sent
    automatically using the chosen token method (email or SMS).

You think this is possible?
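
The two options from the use case above, modelled as an added example (not part of the original thread and not privacyIDEA code): the server generates the initial PIN and delivers it over the token's channel so the administrator never sees it, and the first successful use triggers a forced PIN change. `PinService`, its method names, the return strings and the policy constants are hypothetical; only the PIN step is modelled and the OTP check is left out.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000   # assumption: illustrative work factor
INITIAL_PIN_LEN = 6       # assumption: illustrative policy value
MIN_PIN_LEN = 4           # assumption: illustrative policy value


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, stretched hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Token:
    user: str
    channel: str            # "email" or "sms"
    salt: bytes
    pin_hash: bytes
    must_change_pin: bool = True


class PinService:
    """Hypothetical model of an admin-blind initial PIN with forced change."""

    def __init__(self, deliver):
        self._tokens = {}
        self._deliver = deliver   # callable(user, channel, message)

    def _pin_ok(self, token: Token, pin: str) -> bool:
        return hmac.compare_digest(token.pin_hash, hash_pin(pin, token.salt))

    def enroll(self, user: str, channel: str) -> dict:
        """Option 2: the admin leaves the PIN empty and the server generates it.

        The PIN goes only to the user's channel; the receipt returned to the
        administrator carries no PIN.
        """
        pin = "".join(secrets.choice(string.digits) for _ in range(INITIAL_PIN_LEN))
        salt = secrets.token_bytes(16)
        self._tokens[user] = Token(user, channel, salt, hash_pin(pin, salt))
        self._deliver(user, channel, f"Your initial PIN is {pin}")
        return {"user": user, "channel": channel, "must_change_pin": True}

    def authenticate(self, user: str, pin: str) -> str:
        """Option 1: a correct initial PIN yields a challenge, not an accept.

        In a RADIUS deployment the challenge would travel as an Access-Challenge.
        """
        token = self._tokens.get(user)
        if token is None or not self._pin_ok(token, pin):
            return "REJECT"
        if token.must_change_pin:
            return "CHALLENGE_NEW_PIN"
        return "ACCEPT"

    def answer_pin_challenge(self, user: str, initial_pin: str, new_pin: str) -> str:
        """Complete the forced change; the initial PIN is re-checked (stateless model)."""
        token = self._tokens.get(user)
        if token is None or not token.must_change_pin:
            return "REJECT"
        if not self._pin_ok(token, initial_pin):
            return "REJECT"
        # The initial PIN travelled over the same channel as the OTP, so it
        # must not survive as the permanent PIN.
        if len(new_pin) < MIN_PIN_LEN or new_pin == initial_pin:
            return "REJECT"
        token.salt = secrets.token_bytes(16)
        token.pin_hash = hash_pin(new_pin, token.salt)
        token.must_change_pin = False
        return "ACCEPT"


if __name__ == "__main__":
    outbox = []   # constructed stand-in for the email/SMS gateway
    svc = PinService(lambda u, c, m: outbox.append((u, c, m)))
    print("admin sees:", svc.enroll("alice", "email"))
    initial = outbox[0][2].rsplit(" ", 1)[1]
    print("first login:", svc.authenticate("alice", initial))
    print("pin change:", svc.answer_pin_challenge("alice", initial, "4711" + initial))
    print("old pin now:", svc.authenticate("alice", initial))
```
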


I understand that PASSWORD change can be performed via MSCHAPv2.
I could explain to you why MSCHAPv2 does not work with OTP.
But we would have to dive into your setup a bit deeper. And I am not
willing to invest my time here to explain to you your Many-Bucks-Juniper
setup. Go and ask your Juniper support!!!
!!!
!
!!!
After all - you paid for that!

Besides - I also stressed the problem with MSCHAPv2 and OTP a lot on
different channels. So Google might be your friend here.

On Monday, 22.08.2016, 03:17 -0700, jmdeking wrote:

Hi again Cornelius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm I got.

I set a pincode for an LDAP user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when I log in to my Netscaler using FreeRADIUS I do not get
prompted by a RADIUS message to change the pin.

How come?


Hi again Cornelius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm I got.

I set a pincode for an LDAP user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when I log in to my Netscaler using FreeRADIUS I do not get prompted by
a RADIUS message to change the pin.

How come?

On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:

Hi Johan,

have you tried entering "do_what_i_mean"? ;-)

…sorry - could not resist this…

Kind regards
Cornelius

On Monday, 20.06.2016, 01:30 -0700, jmdeking wrote:

Now when enabling pinhandling and setting the value to "send pin" I
get the error Item in ``from list'' not a string

On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:

Sorry but it's not clear how this works exactly when reading
the document.

I applied the otp_pin_random option and assigned a token to a
user without setting a pin. But the user doesn't receive an
email or anything so not sure how to know what the random code
is.

Gr.
Johan
    
            https://netknights.it/en/leistungen/one-time-services/ 
            >   
            > In an enterprise environment you should get a 
            SERVICE LEVEL AGREEMENT 
            > which suites your needs for SECURITY, AVAILABILITY 
            and LIABILITY: 
            > 

privacyIDEA Support Level

            > --- 
            > You received this message because you are subscribed 
            to the Google 
            > Groups "privacyidea" group. 
            > To unsubscribe from this group and stop receiving 
            emails from it, send 
            > an email to privacyidea...@googlegroups.com. 
            > To post to this group, send email to 
            priva...@googlegroups.com. 
            > Visit this group at 
            https://groups.google.com/group/privacyidea. 
            > To view this discussion on the web visit 
            > 

https://groups.google.com/d/msgid/privacyidea/449848c1-cec1-4ab7-93b6-5d6561ddcbdc%40googlegroups.com.

            > For more options, visit 
            https://groups.google.com/d/optout. 
            
            -- 
            Cornelius Kölbel 
            corneliu...@netknights.it 
            +49 151 2960 1417 
            
            NetKnights GmbH 
            http://www.netknights.it 
            Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
            Tel: +49 561 3166797, Fax: +49 561 3166798 
            
            Amtsgericht Kassel, HRB 16405 
            Geschäftsführer: Cornelius Kölbel 


Since your Netscaler does not know about the pin changing.

The PIN change is sent in the privacyIDEA API. This is not forwarded in
the RADIUS protocol and to my limited knowledge there is no PIN change
functionality in the RADIUS protocol.

On Monday, 22.08.2016, 03:06 -0700, jmdeking wrote:

Hi again Cornelius,

I noticed this feature got released in 2.14-1trusty.

I enabled it and applied it to the only realm I got.

I set a pincode for an LDAP user and when looking at the token it
says, next_pin_change: 22/08/16 11:55.

But when I log in to my Netscaler using FreeRADIUS I do not get
prompted by a RADIUS message to change the pin.

How come?

On Monday, June 20, 2016 at 10:36:44 AM UTC+2, jmdeking wrote:
I understand Cornelius, thanks for the GitHub feature
enhancement. I hope you get the time to implement that.

    Gr.
    Johan
    
    On Monday, June 20, 2016 at 10:31:48 AM UTC+2, Cornelius Kölbel wrote:
            Hi Johan, 
            
            have you tried entering "do_what_i_mean"? ;-) 
            
            ...sorry - could not resist this... 
            
            Kind regards 
            Cornelius 
            
            On Monday, 20.06.2016, 01:30 -0700, jmdeking wrote:
            > Now when enabling pinhandling and setting the value to "send pin" I
            > get the error Item in ``from list'' not a string
            >
            > On Monday, June 20, 2016 at 10:19:28 AM UTC+2, jmdeking wrote:
            >         Sorry, but it's not clear how this works exactly when reading
            >         the document.
            >
            >         I applied the otp_pin_random option and assigned a token to a
            >         user without setting a pin. But the user doesn't receive an
            >         email or anything, so not sure how to know what the random code
            >         is.
            >
            >         Gr.
            >         Johan
            >
            >         On Monday, June 20, 2016 at 10:09:22 AM UTC+2, Cornelius Kölbel wrote:
            >                 The 2nd is already possible.
            >                 http://privacyidea.readthedocs.io/en/latest/policies/enrollment.html#otp-pin-random
            >
            >                 On Monday, 20.06.2016, 01:07 -0700, jmdeking wrote:
            >                 > Thanks Cornelius,
            >                 >
            >                 > Looks good. Just to clarify, my use case is the following:
            >                 >
            >                 > An administrator assigns a challenge response token (email or sms)
            >                 > with a pincode. But this pincode should not be known to the
            >                 > administrator because it's personal, so in my view one of the
            >                 > following 2 things can be done about this.
            >                 >
            >                 > 1. My users log in to their Citrix desktop using Citrix Netscaler
            >                 > with Radius request to the privacyidea server. The privacyidea
            >                 > server detects the 'initial' pincode is used and asks for a
            >                 > challenge response to change the pin to its own value.
            >                 > 2. When an administrator assigns a token he can leave the pin
            >                 > field empty for the system to generate a random pin that is being
            >                 > sent automatically using the chosen token method. (email or SMS)
            >                 >
            >                 > You think this is possible?

Cornelius Kölbel
@cornelinux