Hello,
I’m here again 
I have set up a policy where otppin=1 but when I try to authenticate with https://localhost:5001/auth/index
I cannot manage to login.
If I set otppin=0 or otppin=2 everything goes perfectly and I am able to
authenticate.
Inside my test db the password is stored as plain-text, is this right or
have I to encode it with md5 or something else?
PS: when I’m logging in I wrote:
user: paolo
password: plainpwdOTPVALUE
This is the right way to authenticate.
And you are right, you can authenticate with the Password in the
useridresolver by setting otppin=1.
The SQLResolver implements the following passwords at the moment, which is
identified by the start of the password column contents:
(see
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/lib/resolvers/SQLIdResolver.py#L118)
All other passwords will fail! :-/
I could however as a last resort add the plain comparision…
This tool
(https://github.com/privacyidea/privacyidea/blob/master/tools/ssha.py) will
calculate a {SSHA} password.
like:
{SSHA}5rzoq/JD+GxreULiShO1BJ5xMvGzKvShXlHWAw==
for the password “test”.
Kind regards
CorneliusAm Dienstag, 14. Oktober 2014 12:23:02 UTC+2 schrieb Paolo:
Hello,
I’m here again
I have set up a policy where otppin=1 but when I try to authenticate with
https://localhost:5001/auth/index I cannot manage to login.
If I set otppin=0 or otppin=2 everything goes perfectly and I am able to
authenticate.
Inside my test db the password is stored as plain-text, is this right or
have I to encode it with md5 or something else?PS: when I’m logging in I wrote:
user: paolo
password: plainpwdOTPVALUE
Works perfectly 
thanks a lot!
I will write an how to on my blog about this ;)On Tuesday, October 14, 2014 12:48:15 PM UTC+2, corneliu…@netknights.it wrote:
This is the right way to authenticate.
And you are right, you can authenticate with the Password in the
useridresolver by setting otppin=1.
The SQLResolver implements the following passwords at the moment, which is
identified by the start of the password column contents:
(see
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/lib/resolvers/SQLIdResolver.py#L118
)
- php wordpress, starting with “$P”
- sha1, starting with “{SHA}”
- salted sha1, starting with “{SSHA}”
- salted sha256, starting with “{SSHA256}”
- salted sha513, starting with “{SSHA512}”
- and a 64 byte password, which is assumed to be sha256 used by OTRS.
All other passwords will fail! :-/
I could however as a last resort add the plain comparision…
This tool (
https://github.com/privacyidea/privacyidea/blob/master/tools/ssha.py)
will calculate a {SSHA} password.
like:
{SSHA}5rzoq/JD+GxreULiShO1BJ5xMvGzKvShXlHWAw==
for the password “test”.Kind regards
CorneliusAm Dienstag, 14. Oktober 2014 12:23:02 UTC+2 schrieb Paolo:
Hello,
I’m here again
I have set up a policy where otppin=1 but when I try to authenticate
with https://localhost:5001/auth/index I cannot manage to login.
If I set otppin=0 or otppin=2 everything goes perfectly and I am able to
authenticate.
Inside my test db the password is stored as plain-text, is this right or
have I to encode it with md5 or something else?PS: when I’m logging in I wrote:
user: paolo
password: plainpwdOTPVALUE
