Re: (ITS#9055) contrib/slapd-modules/passwd/totp improvements
On Wed, Jul 31, 2019 at 08:14:55PM +0000, gv@members.scinet.supercomputing.org wrote:
> v3 of the patch is available, which includes hashing functions
> and documents the expected input format when using those functions.
> I don't have the updated module on any of my servers yet, but
> running slappasswd from my build directory does seem to yield
> the same results as the non-password versions:
>
> $ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1}"
> New password:
> Re-enter new password:
> {TOTP1}GAYA====
>
> $ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1ANDPW}"
> New password:
> Re-enter new password:
> {TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio
>
> This is using an OTP seed of 00 and a password of foo
>
> https://scinet.supercomputing.org/~gv/slapd-totp-v3.txt

Hi Greg,

looking at the code, I think I'd be ok with this functionality and
nothing major comes up for me.

I would like to see a few changes though:
- could you split it in two patches, one to check the previous time step
  (+doc) and one to support the new schemes (+doc)?
- I don't think you need to allocate a copy of the passwd that just came in,
  you can just frame it into separate bervals reusing the provided
  buffer so long as you keep in mind they are not NUL-terminated
  properly.

Just a style note, if there's an else coming, could you make sure both
the if and the else blocks are in {}?

Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
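
The zero-copy framing suggested in the reply, as an added example that is not code from the patch or from OpenLDAP: one buffer is split into two length-delimited views, and every later access uses the length instead of relying on a terminating NUL. Assumptions: `struct view`, `split_views` and `view_equals` are hypothetical names, with `struct view` standing in for OpenLDAP's `struct berval`; the sample is the `{TOTP1ANDPW}` value from the quoted slappasswd output, since the layout of the incoming password is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for OpenLDAP's struct berval (bv_len, bv_val): a length plus a
 * pointer into someone else's buffer. Nothing here is NUL-terminated. */
struct view {
    size_t len;
    const char *val;
};

/* Split in[0..len) at the first sep into two views that alias the input.
 * No allocation, no copy, input untouched. Returns 0 on success, -1 if the
 * separator is missing or either part is empty. */
static int split_views(const char *in, size_t len, char sep,
                       struct view *left, struct view *right)
{
    const char *p = memchr(in, sep, len);   /* bounded search, not strchr */
    if (p == NULL || p == in || p + 1 == in + len)
        return -1;
    left->val = in;
    left->len = (size_t)(p - in);
    right->val = p + 1;
    right->len = len - left->len - 1;
    return 0;
}

/* Compare a view against a C string by length first, then bytes. strcmp()
 * on v->val would read past the view's end into the rest of the buffer. */
static int view_equals(const struct view *v, const char *s)
{
    size_t n = strlen(s);
    return v->len == n && memcmp(v->val, s, n) == 0;
}

int main(void)
{
    /* Value from the quoted slappasswd output, scheme prefix removed. */
    static const char stored[] = "GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio";
    struct view seed, hash;

    if (split_views(stored, sizeof(stored) - 1, '|', &seed, &hash) != 0)
        return 1;
    /* %.*s prints exactly len bytes; plain %s would overrun the view. */
    printf("seed=%.*s hash=%.*s\n", (int)seed.len, seed.val,
           (int)hash.len, hash.val);
    return view_equals(&seed, "GAYA====") ? 0 : 1;
}
```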