[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5207) Password checking: external program



Full_Name: Hadmut Danisch
Version: 2.3.38
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (85.180.64.93)


Hi,

that's a feature request:

Sometimes it is necessary to use other authentication methods than the regular
password login. E.g. when using an insecure computer in an internet cafe to
login into a web mail frontend, which accesses an imap server, which
authenticates against LDAP. It would require to authenticate trough
one-time-passwords, HTTP-Cookies or other unusual methods. 

Actually,SASL provides a way to use other methods like One-time-passwords, but
is still too limited and there are too many programs (LDAP clients) out there
that don't support sasl authentication. 

Therefore it would be nice if slapd could be configured to do the password
checking over some external plugin or program, which could do any sort of
unusual checking.
This way a user could enter a one time password just as a normal LDAP login
password, and pass it through the chain of programs, e.g. mailclient -
maildaemon - LDAP or
browser - webmailer - imap - LDAP.

regards
Hadmut