OCRA_TOOL(8) FreeBSD System Manager's Manual OCRA_TOOL(8)

ocra_tool - create and view OCRA credential files

ocra_tool info -f credential_file

ocra_tool init -f credential_file -s suite_string -k key [-c counter] [-p pin | -P pin_hash] [-q kill_pin | -Q kill_pin_hash] [-w counter_window] [-t timestamp_offset]

ocra_tool sync -f credential_file -c challenge -r response -v second_response

The ocra_tool utility is used to initialize and view OCRA credential files used by the pam_ocra(8) authentication service module for PAM.
info
    Show content of OCRA credential file.
    credential_file
        the OCRA credential file.

init
    Initialize OCRA credential file.
    credential_file
        the OCRA credential file.
    suite_string
        OCRA suite string.
    key
        specified as hexadecimal string.
    counter
        If the suite_string requires a counter parameter, counter is the initial counter value. If counter begins with '0x' it will be interpreted as a hexadecimal number.
    pin | pin_hash
        If the suite_string requires a pin-hash parameter, it is either set as hexadecimal string pin_hash or calculated from pin using the pin-hash algorithm in suite_string.
    kill_pin | kill_pin_hash
        If the suite_string requires a pin-hash parameter, it is optional to provide a kill pin. If this pin is used, the authentication fails and all future authentications also fail. The kill pin is set as hexadecimal string kill_pin_hash or calculated from kill_pin using the pin-hash algorithm in suite_string.
    counter_window
        If the suite_string requires a counter parameter, counter_window specifies the maximum number of verify attempts pam_ocra(8) will make (while incrementing the counter value). This parameter is optional.
    timestamp_offset
        If the suite_string requires a timestamp parameter, timestamp_offset specifies the number of timestamp steps pam_ocra(8) will make while verifying a response. The verify process will start at (current_timestamp - timestamp_offset) and end at (current_timestamp + timestamp_offset). This parameter is optional.

sync
    Synchronize the counter with two responses from the OTP device. Based on a user-selectable challenge and two subsequent responses it is possible to brute force the counter in the OTP device. When the counter is found, the database is updated. The counter is searched from 0 to UINT_MAX.
    credential_file
        the OCRA credential file.
    challenge
        Challenge entered in the OTP device.
    response
        First response for the given challenge.
    second_response
        Second response for the given challenge.

$ ocra_tool init -f ~/.ocra -s OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1 \
      -k 00112233445566778899aabbccddeeff00112233 \
      -c 10 -p 1234 -w 50
$ ocra_tool info -f ~/.ocra
suite: OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1
key: 0x00112233445566778899aabbccddeeff00112233
counter: 0x000000000000000a
counter_window: 50
pin_hash: 0x7110eda4d09e062aa5e4a390b0a572ac0d2c0220
kill_pin_hash: NOT SET
kill pin used: false
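
The credential from the example above, exercised in Python as an added example (not part of the original manual page and not pam_ocra's own code): it computes the response per RFC 6287 and shows the counter_window search and the sync counter search. The exact window bounds, the value returned on success, the search limit and the sample challenge are assumptions.

```python
import hashlib
import hmac

# Values from the example on this page.
SUITE = "OCRA-1:HOTP-SHA1-6:C-QN08-PSHA1"
KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
PIN_HASH = hashlib.sha1(b"1234").digest()  # equals the pin_hash printed by `info`

def ocra(suite, key, challenge, counter=0, pin_hash=b""):
    """RFC 6287 response for suites built from C, QNxx and P fields (no S or T)."""
    _, crypto, data_input = suite.split(":")
    _, hash_name, digits = crypto.split("-")            # e.g. HOTP, SHA1, 6
    fields = data_input.split("-")
    c = counter.to_bytes(8, "big") if "C" in fields else b""
    q = format(int(challenge, 10), "X")                 # decimal challenge as hex digits
    q = bytes.fromhex(q.ljust(256, "0"))                # right-padded to 128 bytes
    p = pin_hash if any(f.startswith("P") for f in fields) else b""
    mac = hmac.new(key, suite.encode() + b"\x00" + c + q + p, hash_name.lower()).digest()
    off = mac[-1] & 0x0F                                # HOTP dynamic truncation
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** int(digits)).zfill(int(digits))

def verify(response, challenge, counter, window):
    """Assumed reading of counter_window: try counter .. counter+window-1.
    Returns the next counter to store on success, None on failure."""
    for c in range(counter, counter + window):
        if hmac.compare_digest(ocra(SUITE, KEY, challenge, c, PIN_HASH), response):
            return c + 1
    return None

def sync(challenge, first, second, limit):
    """Assumed reading of sync: find c where c and c+1 reproduce both responses.
    limit is a demo bound; the manual says the tool searches up to UINT_MAX."""
    for c in range(limit):
        if (ocra(SUITE, KEY, challenge, c, PIN_HASH) == first
                and ocra(SUITE, KEY, challenge, c + 1, PIN_HASH) == second):
            return c
    return None

if __name__ == "__main__":
    q = "12345678"                                      # constructed challenge
    token = [ocra(SUITE, KEY, q, c, PIN_HASH) for c in (25, 26)]  # simulated device
    print("verify from counter 10, window 50:", verify(token[0], q, 10, 50))
    print("sync recovers device counter:", sync(q, token[0], token[1], 2000))
```

A single 6-digit response matches roughly one counter in a million by chance, which is why a search over the full counter range needs the second response to pin down the real value.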

~/.ocra
OCRA credential file

pam_ocra(8)

ocra_tool and this manual page were developed by Stefan Grundmann.
March 25, 2018 FreeBSD 13.1-RELEASE
