[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
- From: hyc@symas.com
- Date: Thu, 18 Jul 2019 19:32:32 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
gv@members.scinet.supercomputing.org wrote:
> Full_Name: Greg Veldman
> Version: HEAD
> OS: CentOS 7
> URL: https://scinet.supercomputing.org/~gv/slapd-totp.txt
> Submission from: (NULL) (128.210.189.74)
>
>
> Improve the contrib/slapd-modules/passwd/totp module in the following ways:
>
> - Add support for two-factor (password+OTP) authentication, where password can
> be defined via any currently-supported scheme.
Your implementation of this feature is problematic, as it doesn't support setting
the password using the PasswordModify exop. That seems to imply that users are
required to generate their passwords using some other tool, and set them using a
normal Modify op, but doing so is deprecated. Password changes should only be done
using the PasswordModify exop.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/