
Re: SASL OTP?



Emmanuel Dreyfus <manu@netbsd.org> wrote:

> The cmusaslsecretOTP attribute does not seem to be used at all. I used
> a schema from draft-melnikov-sasl-auxprop-attrs-00.txt, is that wrong?

I found the problem: the authz-regex rule was bad: there is no realm for
OTP. This improves the situation a lot, and cmusaslsecretOTP is used:

authz-regexp uid=([^,]*),cn=otp,cn=auth  ldap:///o=home?sub?(uid=$1)

$ ldapsearch  -Y OTP  -U user uid=user 
SASL/OTP authentication started
Challenge: otp-md5 498 bo8615 ext

Next stage is to actually use it: setting cmusaslsecretOTP properly and
validating the OTP.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
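
The challenge in the message above, `otp-md5 498 bo8615 ext`, follows the RFC 2289 layout (algorithm, sequence number, seed), with the trailing `ext` defined by RFC 2243. The Python below is an added example, not part of the original message and not Cyrus SASL or OpenLDAP code: it parses that challenge and shows the hash-chain check a server makes when validating an otp-md5 response. The passphrase is a constructed value, and how the state is encoded in cmusaslsecretOTP is not covered.

```python
import hashlib
import hmac
import re

# "otp-<alg> <sequence> <seed>" per RFC 2289; optional " ext" per RFC 2243.
CHALLENGE_RE = re.compile(r"^otp-([a-z0-9]+) (\d+) ([A-Za-z0-9]{1,16})( ext)?$")


def parse_challenge(line):
    """Split a server challenge into its fields; the seed is case-insensitive."""
    m = CHALLENGE_RE.match(line.strip())
    if m is None:
        raise ValueError("not an OTP challenge: %r" % line)
    return {"alg": m.group(1), "seq": int(m.group(2)),
            "seed": m.group(3).lower(), "ext": m.group(4) is not None}


def md5_step(data):
    """One RFC 2289 step for otp-md5: MD5, then fold 128 bits to 64 by XOR."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_md5(passphrase, seed, seq):
    """Client side: the initial step over seed+passphrase, then seq more steps."""
    value = md5_step(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        value = md5_step(value)
    return value


def validate(stored, response):
    """Server side: `stored` is the OTP for sequence seq+1. Hashing a correct
    response once must reproduce it. Returns (ok, new_stored); on success the
    response becomes the stored value, so replaying it fails."""
    if hmac.compare_digest(md5_step(response), stored):
        return True, response
    return False, stored


if __name__ == "__main__":
    ch = parse_challenge("otp-md5 498 bo8615 ext")   # challenge from the message
    secret = "constructed passphrase"                 # constructed sample value
    stored = otp_md5(secret, ch["seed"], ch["seq"] + 1)
    reply = otp_md5(secret, ch["seed"], ch["seq"])
    ok, stored = validate(stored, reply)
    print(ch, reply.hex(), ok, validate(stored, reply)[0])
```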