Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements

On Thu, Jul 18, 2019 at 08:32:22PM +0100, Howard Chu wrote:
> it doesn't support setting
> the password using the PasswordModify exop. That seems to imply that users are
> required to generate their passwords using some other tool, and set them using a
> normal Modify op, but doing so is deprecated.

That is correct.

> Password changes should only be done
> using the PasswordModify exop.

I wasn't sure how to do this. My implementation is essentially
two password checks in one, so I need a way to tell the data
apart. For the check functions this was easy as the OTP key
is stored base32 encoded, and the DELIM character should not
appear in a base32 string. For actual password input, I don't
think I can make that assumption.

I think the safest way to hash this scheme would be to have
two separate input prompts, but I didn't see in the existing
code a provision for this. It's possible I wasn't looking in
the right places. If you have any suggestions I'd be happy to
try writing that code.

--
Greg Veldman
IT Infrastructure Services, Purdue University
gv@purdue.edu | (765)-496-2456
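
The delimiter reasoning in the message above, as an added example that is not part of the original message or the module's code: a base32 key can be separated from what follows at the first DELIM, while two free-form fields joined the same way cannot. The value of `DELIM`, the stored layout, and the names `stored_hash_part` and `candidate_splits` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define DELIM '|' /* assumption: the page names DELIM but not its value */

/* RFC 4648 base32 alphabet plus padding; DELIM is not in it. */
static int is_base32(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= '2' && c <= '7') || c == '=';
}

/*
 * Stored form assumed here: <base32 key> DELIM <password hash>.
 * Returns a pointer to the hash part, or NULL if the value is malformed.
 * The first DELIM must end the key, because no key character can be DELIM.
 */
const char *stored_hash_part(const char *stored)
{
    const char *d = strchr(stored, DELIM);
    const char *p;
    if (d == NULL || d == stored || d[1] == '\0')
        return NULL;              /* no delimiter, empty key or empty hash */
    for (p = stored; p < d; p++)
        if (!is_base32(*p))
            return NULL;          /* key part is not base32 */
    return d + 1;
}

/*
 * For two free-form fields joined by DELIM, every DELIM is a possible
 * boundary. More than one candidate means the split cannot be decided.
 */
int candidate_splits(const char *input)
{
    int n = 0;
    for (; *input != '\0'; input++)
        if (*input == DELIM)
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample values, not taken from the module or the thread. */
    const char *h = stored_hash_part("JBSWY3DPEHPK3PXP|{SCHEME}ab|cd");
    printf("hash part: %s\n", h ? h : "(malformed)");
    printf("candidates in free-form input: %d\n", candidate_splits("pa|ss|word"));
    return 0;
}
```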