[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OTP or 2FA for Manager Account?

To: Douglas Duckworth <dod2014@med.cornell.edu>, openldap-technical@openldap.org
Subject: Re: OTP or 2FA for Manager Account?
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 15 May 2018 19:06:41 +0200
In-reply-to: <CAAKHBKkiN932dxnZUtNxhaSUmD4eHHHxdDxxdbsRCA1U=HPS9w@mail.gmail.com>
References: <CAAKHBKkiN932dxnZUtNxhaSUmD4eHHHxdDxxdbsRCA1U=HPS9w@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 SeaMonkey/2.49.3

Douglas Duckworth wrote:

Does OpenLDAP support use of one time passwords or 2FA for the Manager
account?


There are several solutions:

1. contrib/slapd-modules/passwd/totp/

A proof of concept overlay which AFAICS replaces checking a normalpassword by checking a generated TOTP value. So not really 2FA.


2. OATH HOTP LDAP Plugin by cargosoft.ru
Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
I never checked this myself anyway and therefore can't comment.

3. OATH-LDAP

Most flexible solution but hard to setup, especially since not fullydocumented yet. It's currently directly integrated into Æ-DIR but couldbe used stand-alone. Being the author I'm biased of course.


Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: OTP or 2FA for Manager Account?
  - From: Ondřej Kuzník <ondra@mistotebe.net>
- Re: OTP or 2FA for Manager Account?
  - From: Peter <peter.gietz@daasi.de>

References:
- OTP or 2FA for Manager Account?
  - From: Douglas Duckworth <dod2014@med.cornell.edu>

Prev by Date: OTP or 2FA for Manager Account?
Next by Date: Re: OTP or 2FA for Manager Account?
Index(es):
- Chronological
- Thread