[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
From: hyc@symas.com
Date: Thu, 18 Jul 2019 19:32:32 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

gv@members.scinet.supercomputing.org wrote:
> Full_Name: Greg Veldman
> Version: HEAD
> OS: CentOS 7
> URL: https://scinet.supercomputing.org/~gv/slapd-totp.txt
> Submission from: (NULL) (128.210.189.74)
> 
> 
> Improve the contrib/slapd-modules/passwd/totp module in the following ways:
> 
> - Add support for two-factor (password+OTP) authentication, where password can
> be defined via any currently-supported scheme.

Your implementation of this feature is problematic, as it doesn't support setting
the password using the PasswordModify exop. That seems to imply that users are
required to generate their passwords using some other tool, and set them using a
normal Modify op, but doing so is deprecated. Password changes should only be done
using the PasswordModify exop.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
Next by Date: Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
Index(es):
- Chronological
- Thread