On Wed, 2015-07-08 at 13:24 +0200, Michael Ströder wrote:
> Sumit Bose wrote:
>> On Tue, Jul 07, 2015 at 01:54:12PM +0200, Michael Ströder wrote:
>>> Was this tested in scenarios when using clusterssh or similar?
>>
>> No, I'm not sure how clusterssh should work with OTP at all.
> I plan to implement short-time HOTP validation caching (few seconds).

That defeats the point of using an OTP ...

> Also with TOTP requests with the same OTP can be validated within a certain
> time-frame.

Only on non-compliant servers; in theory, servers should track if a TOTP
has been used and refuse a second authentication with the same code. In
practice this may not be enforced in some implementations.

Simo.
--
Simo Sorce * Red Hat, Inc * New York
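
The replay tracking discussed in the message above, as an added example that is not part of the original thread or of any project mentioned in it. `TotpVerifier`, `last_step` and `demo` are hypothetical names, and the key is the published RFC 4226 test secret used as constructed input.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for one counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Hypothetical verifier: remembers the last accepted time step per user."""

    def __init__(self, window: int = 1):
        self.window = window    # tolerated clock drift, in time steps
        self.last_step = {}     # user -> highest step already consumed
        # Assumption: a real server keeps this state persistent and shared
        # by all replicas, otherwise a replay against another node succeeds.

    def verify(self, user: str, key: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        for step in range(max(0, current - self.window), current + self.window + 1):
            if not hmac.compare_digest(hotp(key, step).encode(), code.encode()):
                continue
            if step <= self.last_step.get(user, -1):
                continue        # this step (or a later one) was already used
            self.last_step[user] = step
            return True
        return False


def demo() -> list:
    key = b"12345678901234567890"   # constructed input: RFC 4226 test secret
    v = TotpVerifier()
    code = hotp(key, 59 // STEP)    # code for the step containing t=59
    return [
        v.verify("alice", key, code, 59),          # first use
        v.verify("alice", key, code, 59),          # same code again, same step
        v.verify("alice", key, hotp(key, 2), 61),  # next step's code
        v.verify("alice", key, code, 62),          # old code, still in drift window
    ]
```

Without the `last_step` comparison, the second and fourth calls in `demo()` would succeed, because the submitted code is still valid inside the drift window.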