Sometimes when I try to login (to edit a page) here then I can see the following error message: Error: OpenID failure: time_bad_sig: Please note that authorization process successes on OpenID server side. It occurs both for [getopenid.com](http://www.getopenid.com/) and [myopenid.com](http://www.myopenid.com/) servers I use. I'm reporting this, but I'm not sure whether a problem is with your ikiwiki or my OpenID servers. --[[Paweł|ptecza]] > I've seen this too, once or twice (using myopenid), and reauthenticating > fixed it -- so I can't reproduce it reliably to work on it. I think I've > seen it both on this wiki and on the one running on my laptop. > > The perl openid client module seems > to fail with time_bad_sig if the time in the signature from the other end > is "faked". I'm not 100% sure what this code does yet: # check age/signature of return_to my $now = time(); { my ($sig_time, $sig) = split(/\-/, $self->args("oic.time") || ""); # complain if more than an hour since we sent them off return $self->_fail("time_expired") if $sig_time < $now - 3600; also complain if the signature is from the future by more than 30 seconds, # which compensates for potential clock drift between nodes in a web farm. return $self->_fail("time_in_future") if $sig_time - 30 > $now; # and check that the time isn't faked my $c_secret = $self->_get_consumer_secret($sig_time); my $good_sig = substr(OpenID::util::hmac_sha1_hex($sig_time, $c_secret), 0, 20); return $self->_fail("time_bad_sig") unless $sig eq $good_sig; } > At least it doesn't seem to be a time sync problem since the test for too > early/too late times have different error messages.. --[[Joey]] I've had this problem too, but with my track record of reporting OpenID bugs I thought it best if I held my tongue. I usually experience this the first time I sign in on any ikiwiki installation of {ikiwiki.kitenet, ikidev, betacantrips}, and I think re-logging in always works. --Ethan > Does seem easier to repro than I thought. > Ok, fixed it.. [[bugs/done]] --[[Joey]]