[Safeword 2008] Match Authenticator with username

In SafeWord 2008, where there is an option to search for an authenticator, there is no view that shows the found authenticator’s serial number to be matched with the corresponding username. For example, in the SafeWord 2008 Management Console, under Find -> Authenticators -> Software/Hardware Authenticators … searching for a token by serial number will display a tabular window with the found serial number and number of users that token is assigned to (1 or more). The problem is the tabular view does not show the actual username. The tedious work around if you don’t have an association documented elsewhere, is to:

  • search by username and see if they are associated with that particular token.

The not so tedious work-around is to

  • try and delete the token (only if it has an association) to have SafeWord 2008 refuse then present you with the username the token belongs to.

Well, if you have ever stumbled across this problem I have another solution for you. I wrote a short Tcl script which scans the backup database in LDIF format and then presents the username to serial number mapping. Here is a sample run:

swinful> ./safeword-userinfo safeword-2010-10-06.ldif
user00000         00000002 F000001
admin              {$FixedPasswd$}
user00001          00000001
user00002        {$FixedPasswd$}
user00003          G000001
user00004          00000004

The first column is the username followed by the second column containing the list of tokens associated with that username. $FixedPasswd$ is a place-holder indicating the username is associated with a “fixed password/token”. The script safeword-userinfo takes only one argument which is the ldif backup file produced from SafeWord 2008. If necessary this script may be obtained from the public git repository.

This entry was posted in Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s