Re: OTP or 2FA for Manager Account?
- To: openldap-technical@openldap.org
- Subject: Re: OTP or 2FA for Manager Account?
- From: Peter <peter.gietz@daasi.de>
- Date: Wed, 16 May 2018 13:22:33 +0200
- In-reply-to: <96c7a190-22f8-b10b-777f-318df7a46218@stroeder.com>
- References: <CAAKHBKkiN932dxnZUtNxhaSUmD4eHHHxdDxxdbsRCA1U=HPS9w@mail.gmail.com> <96c7a190-22f8-b10b-777f-318df7a46218@stroeder.com>
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
Hi Michael,
Thanks for this summary, to which I can only add the English page of the
Russian activity:
http://cargosoft.ru/en/rm/118/119
Cheers,
Peter
On 15.05.2018 at 19:06, Michael Ströder wrote:
> Douglas Duckworth wrote:
>> Does OpenLDAP support use of one time passwords or 2FA for the Manager
>> account?
>
> There are several solutions:
>
> 1. contrib/slapd-modules/passwd/totp/
> A proof of concept overlay which AFAICS replaces checking a normal
> password by checking a generated TOTP value. So not really 2FA.
>
> 2. OATH HOTP LDAP Plugin by cargosoft.ru
> Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
> I never checked this myself anyway and therefore can't comment.
>
> 3. OATH-LDAP
> Most flexible solution but hard to set up, especially since not fully
> documented yet. It's currently directly integrated into Æ-DIR but
> could be used stand-alone. Being the author I'm biased of course.
>
> Ciao, Michael.
--
_______________________________________________________________________
Peter Gietz (CEO)
DAASI International GmbH phone: +49 7071 407109-0
Europaplatz 3 Fax: +49 7071 407109-9
D-72072 Tübingen mail: peter.gietz@daasi.de
Germany Web: www.daasi.de
DAASI International GmbH, Tübingen
Managing Director: Peter Gietz, Amtsgericht Stuttgart HRB 382175
Directory Applications for Advanced Security and Information Management
_______________________________________________________________________
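
The distinction drawn in the quoted list (a TOTP value checked instead of the password versus a real second factor) is illustrated by the following added example, which is not code from this thread or from any of the projects named in it. It implements RFC 6238 TOTP and two hypothetical bind checks; the directory entry, the demo password and the convention of appending the OTP to the password in a simple bind are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

DIGITS, STEP = 6, 30

def totp(secret: bytes, now: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_ok(secret: bytes, otp: str, now: int, window: int = 1) -> bool:
    """Accept the current time step and `window` steps either side (clock drift)."""
    ok = False
    for i in range(-window, window + 1):
        t = now + i * STEP
        if t >= 0:
            # Constant-time comparison; no early exit on a match.
            ok |= hmac.compare_digest(totp(secret, t).encode(), otp.encode())
    return ok

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample entry (hypothetical, not a real directory record).
ENTRY = {
    "salt": b"constructed-salt",
    "pw": pw_hash("s3cret-demo", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
}

def bind_totp_only(entry: dict, credential: str, now: int) -> bool:
    """OTP checked instead of the password: still a single factor."""
    return otp_ok(entry["totp_secret"], credential, now)

def bind_password_plus_totp(entry: dict, credential: str, now: int) -> bool:
    """Credential is password followed by OTP; both factors must verify."""
    if len(credential) <= DIGITS:
        return False
    password, otp = credential[:-DIGITS], credential[-DIGITS:]
    pw_good = hmac.compare_digest(pw_hash(password, entry["salt"]), entry["pw"])
    otp_good = otp_ok(entry["totp_secret"], otp, now)
    return pw_good and otp_good  # evaluate both before deciding

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    code = totp(ENTRY["totp_secret"], now)
    print("OTP alone, single-factor check:", bind_totp_only(ENTRY, code, now))
    print("OTP alone, two-factor check:   ", bind_password_plus_totp(ENTRY, code, now))
    print("password+OTP, two-factor check:",
          bind_password_plus_totp(ENTRY, "s3cret-demo" + code, now))
```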