
Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements



On Wed, Jul 31, 2019 at 11:02:55AM -0400, Greg Veldman wrote:
> On Wed, Jul 31, 2019 at 03:25:21PM +0100, Howard Chu wrote:
> > I've been looking for a way to support the hashing callbacks. Without them,
> > this won't be accepted.
> > 
> > Easiest at this point is simply to define a character (maybe space, or tab)
> > as a delimiter between seed and password.
> 
> Thanks Howard.  I was trying to stay away from that as it would
> make it somewhat confusing to use that character, but if you
> think it's OK to implement that way I'll give it a shot.  I'll
> just make sure it's well documented in the manpage as well...

v3 of the patch is available, which includes hashing functions
and documents the expected input format when using those functions.
I don't have the updated module on any of my servers yet, but
running slappasswd from my build directory does seem to yield
the same results as the non-password versions:

$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1}"
New password: 
Re-enter new password: 
{TOTP1}GAYA====

$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1ANDPW}"
New password: 
Re-enter new password: 
{TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio

This is using an OTP seed of 00 and a password of foo.

https://scinet.supercomputing.org/~gv/slapd-totp-v3.txt

-- 
Greg Veldman
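
The {TOTP1ANDPW} value shown in the message above has the layout {SCHEME}<base32 seed>|<password hash>. The Python below is an added example, not part of the original message or of the pw-totp module: it parses that layout, shows that the seed half is only encoded (recoverable by anyone who can read the attribute) while the password half is a salted hash, and verifies a password against an {SSHA} value. The function names and the SAMPLE value are assumptions made for illustration.

```python
import base64, hashlib, hmac

def parse_totp_andpw(value):
    """Split '{SCHEME}<base32 seed>|<password hash>' into (scheme, seed, hash)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, rest = value[1:].split("}", 1)
    if not scheme.endswith("ANDPW"):
        raise ValueError("not a combined TOTP+password value: " + scheme)
    seed_b32, sep, pw_hash = rest.partition("|")
    if not (sep and seed_b32 and pw_hash):
        raise ValueError("expected <seed>|<password hash>")
    # base32 is an encoding, not a hash: reading the value yields the seed
    return scheme, base64.b32decode(seed_b32), pw_hash

def split_ssha(pw_hash):
    """Return (digest, salt) from '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if not pw_hash.startswith("{SSHA}"):
        raise ValueError("only {SSHA} is handled in this example")
    raw = base64.b64decode(pw_hash[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:
        raise ValueError("SSHA value carries no salt")
    return raw[:20], raw[20:]

def check_ssha(pw_hash, password):
    """Constant-time comparison of a candidate password against an {SSHA} value."""
    digest, salt = split_ssha(pw_hash)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def make_ssha(password, salt):
    """Build an {SSHA} value (used here only to construct sample data)."""
    raw = hashlib.sha1(password.encode() + salt).digest() + salt
    return "{SSHA}" + base64.b64encode(raw).decode()

# Value copied from the message above.
PAGE_VALUE = "{TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio"
# Constructed sample: same layout, hash generated here with a fixed salt.
SAMPLE = "{TOTP1ANDPW}GAYA====|" + make_ssha("foo", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    scheme, seed, pw_hash = parse_totp_andpw(PAGE_VALUE)
    digest, salt = split_ssha(pw_hash)
    print(scheme, "seed =", seed, "salt bytes =", len(salt))
    print("sample accepts 'foo':", check_ssha(parse_totp_andpw(SAMPLE)[2], "foo"))
```

Because the seed is stored reversibly, read access to the attribute holding this value needs the same protection as a cleartext secret.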