Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-819

Documented Duo secret key length is incorrect

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.0
    • Component/s: Documentation
    • Labels:
      None

      Description

      The length of the Duo secret key is documented within the Guacamole manual as exactly 20 characters. This is incorrect. The integration key is exactly 20 characters, but the secret key is 40 characters.

      This can be seen in the definition and usage of the constants in Duo's DuoWeb class:

      public final class DuoWeb {
      
              ...
      
      	private static final int IKEY_LEN = 20;
      	private static final int SKEY_LEN = 40;
      	private static final int AKEY_LEN = 40;
      
              ...
      
              public static String signRequest(final String ikey, final String skey, final String akey, final String username, final long time) {
      
                      ...
      
      		if (ikey.equals("") || ikey.length() != IKEY_LEN) {
      			return ERR_IKEY;
      		}
      		if (skey.equals("") || skey.length() != SKEY_LEN) {
      			return ERR_SKEY;
      		}
      		if (akey.equals("") || akey.length() < AKEY_LEN) {
      			return ERR_AKEY;
      		}
      
                      ...
      

      Note that the lengths of the various keys are not actually enforced by the guacamole-auth-duo extension, so while the manual is incorrect, the extension should still function as long as correct key values are provided.

        Attachments

          Activity

            People

            • Assignee:
              vnick Nick Couchman
              Reporter:
              steverhysjenks Stephen Jenkins
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: