[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OTP or 2FA for Manager Account?



Sorry, looks like i got a bit confused

So, 2FA not just plain OTP.
So password+OTP is what im looking for.


On Thu, May 17, 2018 at 10:52 AM Dave Macias <davama@gmail.com> wrote:
Thank you for the reply Michael,

This one in: 
3. OATH-LDAP

But in general just want to test a way to add OTP to openldap, which ever works

-dave

On Wed, May 16, 2018 at 9:25 AM Michael Ströder <michael@stroeder.com> wrote:
Dave Macias wrote:
> I too have been wondering about TOTP with openldap but always found it
> hard to find documentation on it. Any chance to have this documented?
> Dont see it in the site

Which of the three solutions / sites do you mean?

Ciao, Michael.

> On Wed, May 16, 2018 at 7:23 AM Peter <peter.gietz@daasi.de
> <mailto:peter.gietz@daasi.de>> wrote:
>
>     Hi Michael,
>
>     Thanks for this summary, to which I can only add the english page of
>     the
>     Russian activity:
>
>     http://cargosoft.ru/en/rm/118/119
>
>     Cheers,
>
>     Peter
>
>
>
>     Am 15.05.2018 um 19:06 schrieb Michael Ströder:
>     > Douglas Duckworth wrote:
>     >> Does OpenLDAP support use of one time passwords or 2FA for the
>     Manager
>     >> account?
>     >
>     > There are several solutions:
>     >
>     > 1. contrib/slapd-modules/passwd/totp/
>     > A proof of concept overlay which AFAICS replaces checking a normal
>     > password by checking a generated TOTP value. So not really 2FA.
>     >
>     > 2. OATH HOTP LDAP Plugin by cargosoft.ru <http://cargosoft.ru>
>     > Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
>     > I never checked this myself anyway and therefore can't comment.
>     >
>     > 3. OATH-LDAP
>     > Most flexible solution but hard to setup, especially since not fully
>     > documented yet. It's currently directly integrated into Æ-DIR but
>     > could be used stand-alone. Being the author I'm biased of course.
>     >
>     > Ciao, Michael.