*** Skelroy (~Skelroy@71-85-217-74.dhcp.stls.mo.charter.com) has joined #wikid | 02:43 | |
*** Dacosta (750352da@gateway/web/freenode/ip.117.3.82.218) has joined #wikid | 06:44 | |
Dacosta | Hi joe, | 07:06 |
Dacosta | I cannot run WiKID client software on Mac OS X 10.8 | 07:06 |
Dacosta | How do we make wikidctl auto start when the wikid server is restarted? | 07:07 |
*** Dacosta has quit (Quit: Page closed) | 09:47 | |
*** Dacosta (71a56292@gateway/web/freenode/ip.113.165.98.146) has joined #wikid | 10:40 | |
Dacosta | hi all | 10:40 |
Dacosta | I cannot use wikid client on iOS, i always get invalid domain code | 10:41 |
joevano | Dacosta: are you using the "Domain Identifier" for your domain on your WiKIDAdmin/domainAdmin.jsp page | 11:43 |
joevano | and is port 80 open to the server that wikid is installed on? | 11:44 |
joevano | Dacosta: if you want wikidctl to autostart: If you would like to avoid entering a passphrase each time, you can create a file called /etc/WiKID/security with one line: WAUTH_PASSPHRASE=yourpassphrase. | 11:47 |
joevano | Dacosta: what kind of error do you get when trying to run the client on OSX 10.8? is it the one about not being from a trusted developer? | 11:49 |
joevano | if that is the case, you browse to the location of the downloaded file, right click on it and select open. You only need to do this once. after that your mac will trust it. | 11:51 |
joevano | this is part of 10.8's new more secure application model | 12:05 |
Dacosta | Hi Joe | 12:50 |
Dacosta | thank you very much for your reply | 12:50 |
Dacosta | I download http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.19-locked/wikidtoken-3.1.19-bundle-installer.jar for mac os | 12:50 |
Dacosta | i know the trusted developer and change it before installation wikid client | 12:51 |
Dacosta | firstly, i install java on mac os | 12:52 |
Dacosta | then when i double-click on wikidtoken-3.1.19-bundle-installer.jar, it only shows the installer java on the dock and automatically disappears | 12:56 |
Dacosta | I run the wikid client ok on windows | 12:56 |
Dacosta | for example, on windows i enter the server code like 192168001001 and it working properly | 12:58 |
*** nowen (~nowen@67.211.17.2) has joined #wikid | 12:58 | |
Dacosta | the same wifi network on iPhone, when i enter that server code, i get invalid code | 12:59 |
Dacosta | Hi Mr. Nick | 12:59 |
nowen | morning | 12:59 |
nowen | Dacosta: are you using the Community Edition? | 13:00 |
Dacosta | yes | 13:00 |
nowen | the smart phone tokens are not supported | 13:00 |
nowen | we use a 3rd party encryption library on them | 13:01 |
nowen | or are you saying the token doesn't work on a mac? | 13:01 |
Dacosta | I test both on mac os and iphone | 13:02 |
Dacosta | I cannot install wikid client on mac os | 13:02 |
nowen | are you using the installer or the jar file? | 13:03 |
Dacosta | yes, wikidtoken-3.1.19-bundle-installer.jar | 13:04 |
nowen | try using just the jar file. Also, I think there's a more recent token | 13:04 |
Dacosta | I test both wikidtoken-3.1.19-bundle-installer.jar and wikidtoken-3.1.19.jar | 13:05 |
nowen | and when you run the jar file from the command line, what error do you get? | 13:06 |
Dacosta | I got this error: JW quit unexpectedly while using the libjvm.dylib plug-in | 13:06 |
nowen | what version of java? | 13:07 |
Dacosta | version 7 update 7 | 13:11 |
Dacosta | do you have license package for 10 or 20 mobile users, other users use community edition? | 13:13 |
nowen | no, it's all or nothing. you can set up two servers | 13:14 |
nowen | please try http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.22/wikidtoken-3.1.22.jar | 13:14 |
nowen | it's probably not the token client, but best to use the latest | 13:15 |
Dacosta | ok, nice suggestion about the license | 13:16 |
nowen | are you in a directory that the token can write to? | 13:18 |
Dacosta | yes | 13:18 |
nowen | can you run any java program? | 13:20 |
nowen | http://lists.apple.com/archives/java-dev/2012/Aug/msg00170.html | 13:20 |
nowen | brb | 13:21 |
Dacosta | i always get the error: JW quit unexpectedly while using the libjvm.dylib plug-in | 13:22 |
Dacosta | on mac os 10.8 | 13:22 |
nowen | with any jar? or just ours? | 13:34 |
Dacosta | i will update mac os x to 10.8.2 and update java | 13:37 |
Dacosta | then i will try | 13:37 |
Dacosta | wikid doesn't support sms? | 13:37 |
nowen | no, there's no way to secure it | 13:38 |
Dacosta | when i run the wikid client first time, i get a registration code | 13:38 |
nowen | on the mac? | 13:39 |
Dacosta | on windows | 13:39 |
Dacosta | where the registration code store? | 13:39 |
Dacosta | can a hacker hacks to use this code in his computer? | 13:39 |
nowen | no, an attacker would need the private keys in the token. the reg code is used to associate the key pair exchange with a username on the server | 13:41 |
nowen | did you validate the registration code on the server? | 13:41 |
Dacosta | yes | 13:45 |
Dacosta | it means when i install wikid client and authentication with server | 13:46 |
Dacosta | can a hacker to get this registration code and user on his computer for fraud authentication | 13:47 |
Dacosta | can a hacker to get this registration code and use on his computer for fraud authentication | 13:47 |
nowen | the security rests not on whether an attacker gets the registration code - but whether YOU validate it for him | 13:49 |
Dacosta | where the registration code store? | 13:50 |
nowen | in the server, you can see it on the WiKIDAdmin/Users/Manually Validate a user | 13:50 |
Dacosta | have it save on client? | 13:51 |
nowen | no | 13:51 |
Dacosta | how the wikid server know this registration code is on my pc or not? | 13:53 |
Dacosta | i means how the server know code for authentication if it doesn't store on client | 13:54 |
nowen | the token and the server exchange public keys. the server sends the registration code to the token where it is hashed by the token and presented to the users as an alpha-numeric. | 13:55 |
nowen | in order for the user's keys to be valid, the registration code needs to be validated | 13:55 |
*** nowen has quit (Quit: Leaving.) | 13:59 | |
*** nowen1 (~nowen@67.211.17.2) has joined #wikid | 13:59 | |
*** nowen1 is now known as nowen | 14:01 | |
*** Dacosta has quit (Ping timeout: 245 seconds) | 14:05 | |
*** nowen has quit (Ping timeout: 246 seconds) | 14:16 | |
*** nowen (~nowen@67.211.17.2) has joined #wikid | 14:19 | |
*** Dacosta (71a56292@gateway/web/freenode/ip.113.165.98.146) has joined #wikid | 14:26 | |
Dacosta | Hi mr. nick | 14:26 |
Dacosta | where is the public key? | 14:26 |
nowen | in the token | 14:27 |
Dacosta | the token is a software | 14:29 |
Dacosta | it will store on a folder in program files? | 14:29 |
Dacosta | or registry of windows | 14:29 |
nowen | in a PKCS12 file protected by the token passphrase | 14:30 |
nowen | would you like a copy of the white paper? | 14:30 |
Dacosta | i we dont use passphrase, only use PIN | 14:31 |
Dacosta | if we dont use passphrase, only use PIN | 14:31 |
nowen | there is a passphrase on the token. are you prompted for a password when you start the token? | 14:31 |
Dacosta | yes | 14:32 |
nowen | that's the password on the PKCS12 file | 14:32 |
*** Dacosta has quit (Ping timeout: 245 seconds) | 14:36 | |
*** Dacosta (71a56292@gateway/web/freenode/ip.113.165.98.146) has joined #wikid | 14:37 | |
Dacosta | when we run the token at first time, we have register code | 14:38 |
nowen | yes | 14:38 |
Dacosta | the register code is stored on the token or not? | 14:38 |
Dacosta | if not, how the server know token | 14:38 |
nowen | no | 14:38 |
Dacosta | how can the server know a register code is for token A or token B? | 14:39 |
nowen | the server and token exchange encryption keys, the server creates the account, but it is not active or valid | 14:39 |
nowen | because the user tells you "I have this registration code" | 14:40 |
Dacosta | you mean the token tell the server "I have this registration code", right? | 14:41 |
nowen | no, the user has to tell you | 14:41 |
Dacosta | yes, i know | 14:42 |
Dacosta | i pay attention to how to trust the wikid security | 14:42 |
nowen | so, the key trust piece is the registration code | 14:43 |
Dacosta | i mean, a hacker knows my registration code | 14:43 |
Dacosta | can he use this registration code on his token or not? | 14:43 |
nowen | how does he register it on the server? | 14:44 |
Dacosta | because this register code is mine and it is registered already | 14:45 |
nowen | once a registration code is used it can no longer be used again | 14:46 |
Dacosta | for example, if the registration code store some where in the PC where the token running | 14:48 |
Dacosta | the hacker can change that code on his PC if he know my registration code? | 14:48 |
nowen | ni | 14:48 |
nowen | no | 14:49 |
Dacosta | it means the registration code doesn't store on the PC running token? | 14:52 |
nowen | correct - the registration code is not stored on the token | 14:53 |
*** Dacosta has quit (Quit: Page closed) | 14:56 | |
*** Dacosta (71a56292@gateway/web/freenode/ip.113.165.98.146) has joined #wikid | 14:57 | |
Dacosta | create /etc/WiKID/security with one line: WAUTH_PASSPHRASE=yourpassphrase | 14:58 |
Dacosta | if i create this file, when i restart wikid server | 14:58 |
Dacosta | i need run wikidctl start or it will start automatically? | 14:59 |
joevano | it starts automatically | 14:59 |
Dacosta | thanks Joe | 15:00 |
nowen | you will need to run the command or configure it as a service. There is an example script in /opt/WIKID/conf/templates called wikid | 15:00 |
joevano | yw | 15:00 |
joevano | hmm... didn't remember doing that but we must have | 15:00 |
Dacosta | ok, thanks Nick | 15:05 |
*** chiong (daba130a@gateway/web/freenode/ip.218.186.19.10) has joined #wikid | 16:20 | |
chiong | Hi there, could someone let me know what is the default password to login to wikid after running the installation from ISO image downloaded? | 16:22 |
nowen | root/wikid | 16:22 |
chiong | o, i try now. thks | 16:22 |
nowen | np | 16:22 |
*** Dacosta has quit (Quit: Page closed) | 16:24 | |
chiong | hi @nowen, it works.. thanks a lot. i am now running yum update to patch first. and it is late now. i will try to install wikid tomorrow. | 16:30 |
nowen | ok - I won't be around much tomorrow as we are hosting a conference | 16:31 |
nowen | but, if you follow the install manual from here, you should be good | 16:31 |
nowen | https://www.wikidsystems.com/support/wikid-support-center/manual/how-to-install-the-wikid-strong-authentication-server | 16:31 |
chiong | ok, noted. thanks for your help.. bye! | 16:33 |
nowen | bye | 16:35 |
*** chiong has quit (Ping timeout: 245 seconds) | 16:58 | |
*** Skelroy_ (~Skelroy@71-85-217-74.dhcp.stls.mo.charter.com) has joined #wikid | 18:17 | |
*** Skelroy_ has quit (Client Quit) | 18:17 | |
*** Skelroy has quit (Ping timeout: 246 seconds) | 18:19 | |
*** hany (4e65a0d5@gateway/web/freenode/ip.78.101.160.213) has joined #wikid | 18:39 | |
*** genewitch (~genewitch@unaffiliated/genewitch) has joined #wikid | 19:01 | |
*** hany has quit (Quit: Page closed) | 19:11 | |
*** hani_ (4e65a0d5@gateway/web/freenode/ip.78.101.160.213) has joined #wikid | 19:11 | |
genewitch | nowen: Hi there | 19:35 |
nowen | hi | 19:35 |
genewitch | I'm trying to install wikid on a redhat instance on AWS. I'll let you know how it goes | 19:38 |
nowen | ok | 19:41 |
nowen | should be fine | 19:41 |
genewitch | last time it nuked eth0, is there documentation about what the network setup actually does so i can set it up manually? | 19:44 |
nowen | hmm, I've never seen it do that. it just writes out the ifcfg files, I believe | 19:45 |
genewitch | yeah i was able to start wikidctl this time | 19:49 |
genewitch | nowen: how do i clear the generated cert and start over? | 19:54 |
nowen | the intermediate ca and localhost? | 19:54 |
nowen | they are in /opt/WiKID/private | 19:54 |
genewitch | whatever it had me generate during "setup" | 19:54 |
nowen | both are p12 files | 19:54 |
nowen | oh that | 19:54 |
genewitch | if i delete them and re-run setup will it have me regenerate them? | 19:55 |
nowen | no, that's a different cert | 19:55 |
genewitch | I only have links available and it throws an SSL error when i connect to the URL https://localhost.localdomain/WiKIDAdmin/ | 19:56 |
nowen | well, it's a self-signed cert | 19:56 |
nowen | are you accessing it locally? | 19:57 |
genewitch | yeah | 19:59 |
nowen | I thought you said it was in the cloud? | 19:59 |
genewitch | I tried both, local and opening the firewall to allow external access | 20:00 |
genewitch | yeah, i was using links to access the http://localhost.localdomain | 20:00 |
nowen | are you running X on the server? | 20:00 |
genewitch | Not yet :-) | 20:00 |
nowen | i do not recommend it ;) | 20:01 |
nowen | if you accept the ssl error, do you get the login? | 20:01 |
genewitch | it appears not. I'll just start over, back in 10 :-D | 20:04 |
nowen | I'm going to have to check out soon and run some errands - and tomorrow we're hosting a conference... | 20:33 |
genewitch | I'll be ok | 21:08 |
genewitch | have fun! | 21:08 |
nowen | thanks | 21:08 |
nowen | later all, | 21:09 |
nowen | I'll peek in periodically tomorrow | 21:10 |
*** nowen has quit (Quit: Leaving.) | 21:10 | |
genewitch | bummer, i got the same error again | 21:17 |
genewitch | it's just Elinks. I killed iptables and now my remote machine can access the admin page. | 21:22 |
genewitch | cool, the token app just crashes my iphone | 21:50 |
*** hani_ has quit (Ping timeout: 245 seconds) | 21:57 | |
genewitch | I got it to work! | 22:22 |
genewitch | I have no idea what to do with it, but that's not my job! | 22:22 |