SecurID prompt for account that doesn't need it

[ajackley]

Hi, when I use Pidgin to try to log in to AIM, it prompts me for a SecurID code. My AIM account has not required a SecurID code for 2+ years, and when I use AOL's AIM software it does not prompt me.

Is there a local (registry) setting it's looking for, or is it getting this trigger to prompt for SecurID from the AOL server at login.messaging.aol.com?

Any assistance you can provide in resolving this frustrating case would be most appreciated.

[deryni]

While I can't say for certain (as I'm not that familiar with the Oscar code) it appears to me from a quick read that if you are referring to the "Enter SecurID" dialog then yes, pidgin is doing that because of a request from the server. If you open the Help->Debug Window and watch the debug output as you connect you should see the oscar prpl print a message saying it received a SecurID request. It is, of course, possible that there is some more information we aren't paying attention to that says to ignore the request or some-such but that is entirely beyond me.

[MarkDoliner]

Yes, that is correct, we're prompting for SecurID because of a request from the server. Maybe SecurID is configured for your account but temporarily disabled or something? I haven't heard of this before. It's possible I could figure out what's causing it if I had a packet capture to look at, but no guarantees.

If you're comfortable with the idea of sending your network traffic to me then you can take a packet capture using Wireshark (from http://www.wireshark.org/). Just start Wireshark, start capturing packets on your primary network device, then start Pidgin and signon. Once you've received the SecurID prompt wait a second or two then stop Wireshark and save the packets to a file in the pcap format.

And I'd recommend emailing that to me at mark@…. Or you could paste it here if you really wanted to. There shouldn't be a lot of personal information in the packet capture, mostly just your screen name. There might also be an md5 checksum of your password+another string--I don't remember if that is sent before or after the SecurID request.

[kpfx]

If you need data on this I'd be happy to help as I'm seeing the same issue.

My AOL account used the SecureID login and I was able to use Pidgin without any issues. Recently I made some changes and my account was modified by AOL OpsSec? and is no longer associated with the SecureID stuff. I can login to the web and official clients without getting prompted for the SecureID... however Pidgin still insists that I need one (and thus rejects my login saying "Authentication failed").

[bernmeister]

ajackley/kpfx: If this is still an issue could you please forward the data to MarkDoliner as requested.

[kpfx]

FYI. No longer seeing this issue (using version 2.6.2 on Linux and 2.6.5 on Vista).

[bernmeister]

Can this ticket be closed or is this issue still persistent?

[ajackley]

Yes, please close this ticket. It is resolved