SASL OTP?
Hi
Anyone had success with SASL OTP? A quick search yields attempts using
sasldb or a cmusaslsecretOTP attribute. I tried both but with little
success.
If the authenticating user is in saslauthdb (inserted with saslpasswd2
-c user), slapd seems to fail finding it. I do a
ldapsearch -Y OTP -U user uid=user
On the very first attempt:
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: Error putting OTP secret
conn=40 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: Error
putting OTP secret
On next attempts, the behavior is different:
SASL [conn=33] Failure: no user in db
SASL [conn=33] Failure: no user in db
(many many more)
SASL [conn=33] Failure: simultaneous OTP authentications not permitted
conn=33 op=0 RESULT tag=97 err=52 text=SASL(-8): transient failure
(e.g., weak key): simultaneous OTP authentications not permitted
If I remove it from the database (saslpasswd2 -d user):
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no OTP secret in database
conn=34 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no OTP
secret in database
The cmusaslsecretOTP attribute does not seem to be used at all. I used
a schema from draft-melnikov-sasl-auxprop-attrs-00.txt, is that wrong?
attributetype ( 1.3.6.1.4.1.3.8.1.1.3
NAME 'cmusaslsecretOTP'
DESC 'OTP secret'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
(...)
objectclass ( 1.3.6.1.4.1.3.8.1.2.1
NAME 'cmuSaslUser'
SUP top
AUXILIARY
MAY ( userPassword $ cmusaslsecretCRAM-MD5 $
cmusaslsecretDIGEST-MD5 $
cmusaslsecretOTP $ cmusaslsecretSRP) )
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
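The three log excerpts quoted in the post show the same bind attempt ending in three different bindResponse result codes (err=80, 52, 49) depending on the state of the SASL secret store. When working through a problem like this, or when watching an OTP-enabled slapd in production, it helps to group the "SASL [conn=N] Failure:" lines with the "conn=N ... RESULT" line that closes them. The parser below is an added example and not code from the poster or from OpenLDAP; it runs over a constructed copy of the log lines from the post (the "(many many more)" repeats collapsed), and the stage labels it assigns are heuristics chosen here, not names used by Cyrus SASL or slapd.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd log excerpts quoted in the post above,
# with the elided repeats of "no user in db" on conn=33 collapsed.
SAMPLE_LOG = """\
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: Error putting OTP secret
conn=40 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: Error putting OTP secret
SASL [conn=33] Failure: no user in db
SASL [conn=33] Failure: simultaneous OTP authentications not permitted
conn=33 op=0 RESULT tag=97 err=52 text=SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no OTP secret in database
conn=34 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no OTP secret in database
"""

# "SASL [conn=40] Failure: <message>" lines emitted by the SASL layer.
SASL_FAIL_RE = re.compile(r"^SASL \[conn=(\d+)\] Failure: (.*)$")
# "conn=40 op=0 RESULT tag=97 err=80 text=..." lines emitted by slapd;
# tag=97 (0x61, APPLICATION 1) is the LDAP bindResponse.
RESULT_RE = re.compile(r"^conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$")


def parse_slapd_sasl(log_text):
    """Group SASL failure messages and the closing bind RESULT per connection."""
    conns = defaultdict(lambda: {"failures": [], "result": None})
    for line in log_text.splitlines():
        m = SASL_FAIL_RE.match(line)
        if m:
            conns[int(m.group(1))]["failures"].append(m.group(2))
            continue
        m = RESULT_RE.match(line)
        if m and m.group(3) == "97":  # only bindResponse results matter here
            conns[int(m.group(1))]["result"] = {
                "err": int(m.group(4)),
                "text": m.group(5),
            }
    return dict(conns)


def classify(conn):
    """Heuristic stage label (names chosen for this example) for one connection.

    The checks are ordered from the most specific message to the least, so a
    connection that logged both "no user in db" and a later, more specific
    failure is labelled by the more specific one.
    """
    failures = conn["failures"]
    if conn["result"] is None:
        return "incomplete"  # no bindResponse seen yet
    if any("simultaneous OTP" in f for f in failures):
        # The earlier failed attempt left OTP state marked as in progress.
        return "otp-state-locked"
    if any("Error putting OTP secret" in f for f in failures):
        return "secret-store-write-failed"
    if any("no OTP secret" in f for f in failures):
        return "no-otp-secret"
    if failures and all(f == "no user in db" for f in failures):
        return "user-not-in-sasl-db"
    return "other"


def summarize(log_text):
    """Map each connection id to (stage label, LDAP result code)."""
    return {
        cid: (classify(c), c["result"]["err"] if c["result"] else None)
        for cid, c in parse_slapd_sasl(log_text).items()
    }


if __name__ == "__main__":
    for cid, (label, err) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"conn={cid}: {label} (err={err})")
```

Run against the sample, the summary distinguishes the first attempt (secret store write failed, err=80), the retries blocked by the leftover OTP state (err=52) and the attempts after the sasldb entry was deleted (no OTP secret, err=49). Feeding real slapd output through the same grouping makes it easy to spot a user stuck in the "simultaneous OTP authentications not permitted" state, which is worth alerting on since it locks that user out until the stale state is cleared.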