Yubikeys and Citrix Web Interface

I’ve had a look at using yubikeys with the xenapp 5 web interface recently to enhance the security of external access to our systems. I’ve installed a yubiradius server on our ESX infrastructure and have it validating users correctly. The only issue is the odd way that the server handles passcodes. Sending simply the passcode on it’s own won’t work. Yubiradius will be unable to parse the key, as it attempts to split the string int “password” and “yubikey”. Now, as far as I can tell nothing happens to the actual password field. I’ve been logging on with my user name, password and in the passcode box I can enter any rubbish followed by the yubikey OTP. The server then parses this correctly and everything seems to be ok. So, in order that users don’t ahve to enter some rubbish before the OTP, I’ve written a short bit of java to prepend some rubbish to the passcode box and then sending the form.

You’ll need to find “login.js” on the server and add the following somewhere. The document.get element should be on a single line. Wrapped for readbility
function mangle()
{
document.getElementById("passcode").value=
document.getElementById("password").value+
document.getElementById("passcode").value;
}

Find the function “function setup_login_submit_keys()” and edit it so that it looks like this:
if (keynum == 13) { // enter key
mangle()
submitForm();
return false;
}

This should work. As the yubikey has an “enter” at the end of it, then this will run the manglescript when the form is submitted with enter. It doesn’t do anything clever. It jsut adds the entered password before the yubikey OTP is sent. Seems to work fine for me.

Enjoy!

Popping audio

Have been having issues regarding audio popping on my new PC with an SB Audigy (old!), Via HD and a logitech G930. Anyway, after running http://www.thesycon.de/deu/latency_check.shtml (edit this http://www.resplendence.com/latencymon is better) for a minute you can easily see the peaks. They appeared to be random an no amount of disabling devices would help.

From here you can see the offending drivers. In my case it was the wifi and usbport.sys. Obviously, the usbport was anything that was plugged in to it, which then went into a hub full of devices. I switched a few devices around by moving them to different ports and updated all the drivers I could find. Seems to ahve resolved my popping issues at least.

I believe that PCI-e has a higher latency than PCI, so I’m assuming in the futre that this is just going to get worse, unless intel release a specific low-latency bus purely for things like audio.

Hacked

Looks like the website was hacked. Only a minor change to the title. Not entirely sure how it happened. Not a great deal in the logs, though I’m not sure when it happened either. Hoepfully I’ve fixed it now but we shall see!