-
Notifications
You must be signed in to change notification settings - Fork 968
PAM reports: "Invalid verification code" #42
Comments
Comment #1 originally posted by afrazkhan on 2011-02-23T16:25:44.000Z: Hmm, pretty sure it's a time related issue now. My phone's time was ahead by about 2 minutes. The odd thing is that it didn't start working immediately after resetting the time. I re-imported the accounts I was testing several times, and something like half an hour later, it started working on all machines! |
Comment #2 originally posted by afrazkhan on 2011-02-23T16:28:24.000Z: Hmm, this could be a time sync related issue. My phone's time was ahead by about 2 minutes. Not deleting the issue since I'm not convinced there isn't a bug here somewhere. The odd thing is that it didn't start working immediately after resetting the time. I re-imported the accounts I was testing several times, and something like half an hour later, it started working on all machines! |
Comment #3 originally posted by robert.olejnik on 2011-02-26T19:06:41.000Z: I have the same problem, but the time is correct (same values on my server and phone). |
Comment #4 originally posted by lionel.benson on 2011-02-26T21:07:17.000Z: I also now having the same problem. Worked for about two days but now I have tried on three different machines but get the "Invalid verification code". I have ensured my machines are in "time sync" with my phone to the last second. |
Comment #5 originally posted by zodiac on 2011-02-27T03:21:00.000Z: The application uses time since the beginning of the epoch (i.e. midnight, January 1st, 1970). Epoch's are defined as UTC. So, this should always be independent of timezones. But yes, time skew can very well be a problem. You only have a window of about +/- 45 seconds to log in. If the phone and your computer don't agree on time, this won't work. I am working on a change that will allow you to specify a bigger window. If you keep seeing this problem after ruling out misconfigured time, it would help to collect as much data as possible. At the very least, it would help if you included exact time stamps as shown both by your server (use "date -u") and your phone. Also, include the code that you tried entering, and the contents of your configuration file. If you file uneasy about publishing the configuration file in a public forum, feel free to regenerate it afterwards. If you do that, then please also let us know whether regenerating a new key fixes your problem. |
Comment #6 originally posted by lionel.benson on 2011-03-03T17:24:23.000Z: Today I solved my "Invalid verification code" problem. I am definitely not that savvy on tech issues but this is what I did.
I tried it now a few times and it works! No more invalid codes. Looking back now, the only thing I can remember is that I once used the authenticator on a machine that the time was off. Even after correcting the time it never worked again on any of my machines. Only after the above steps has it now started to work. Maybe something got thrown off and could not be reset - I leave that for the tech gurus. Also, after performing the above steps, it did not reset my pass codes for my other apps and all paper back up codes are the same(which is nice). I'm happy now :) |
Comment #7 originally posted by markus@google.com on 2011-03-09T19:53:12.000Z: I am closing this bug report for now, as it sounds that the problem went away. If the problem re-surfaces, please re-open this bug report and try to collect additional debug data so that I can attempt to reproduce it. Don't hesitate to ask for advice, if you need help in collecting the data. |
Comment #8 originally posted by ilia.fischer on 2011-04-14T02:47:39.000Z: The problem is reproducible when Automatic time update ("Use network provided values") is off. When switching it back to ON the codes are valid. Login to GMail. |
So I had this exact same issue on a Scaleway box. The solution turned out to be updating the |
@jameshhx really? auth log said "Invalid verification code"? |
I had this issue, and the solution was to enable the |
the same here, pam keep reports that error
and openvpn server info about package version
|
Folks,
similar to the policy file namemodule sshd_ga_custom 1.0; require { #============= sshd_t ============== |
@AkshayaAnil i moved the vpn to ubuntu, it worked smoothly 😄 |
Original issue 42 created by afrazkhan on 2011-02-23T12:44:13.000Z:
What steps will reproduce the problem?
What is the expected output? What do you see instead?
Expect to login. Instead auth.log says "Invalid verification code".
What version of the product are you using? On what operating system?
No version number in source, but it's the one from 2011.02.23 at 12:00 GMT. Running Ubuntu 10.04LTS.
Please provide any additional information below.
Could this be to do with timezones? Does the application use the time in generating the verification codes?
If so, is there a way to specify the key as "counter based" instead of "time based" when generating it? I see that the Android application allows for both if you manually enter the key ID (instead of using the QR code).
The text was updated successfully, but these errors were encountered: