[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and dynalogin (two-factor auth with HOTP)

To: Michael Ströder <michael@stroeder.com>, Dimitri <mitya@cargosoft.ru>
Subject: Re: OpenLDAP and dynalogin (two-factor auth with HOTP)
From: Howard Chu <hyc@symas.com>
Date: Mon, 29 Jun 2015 13:41:25 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <5590415A.9060307@stroeder.com>
References: <4F591236.1030305@pocock.com.au> <1331582509.4242.6.camel@localhost> <5590415A.9060307@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1

Michael Ströder wrote:

Dimitri,

Dimitri wrote:

I've been working on a related problem recently, so this may sound
interesting to you. I've developed a SLAPI plugin that implements OATH
HOTP authentication as LDAP simple bind. Token objects are stored in
LDAP directory; synchronization is implemented as an EXOP. SLAPI
implementation in OpenLDAP lacked EXOP support, so I've fixed that, too
(and I'm going to submit a patch soon). The project is being prepared to
be published under an open license. If that sounds interesting for you,
don't hesitate to drop me an email.

I'm also planning to port this plugin to OpenLDAP's native overlay API.


I'm currently also working one something like that.
I'd also like to have a standardized schema.

Fyi, I've been working on a TOTP overlay the past few days. (Overlay and pwcrypt mechanism.) Should be showing up in git this week.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re: OpenLDAP and dynalogin (two-factor auth with HOTP)
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: OpenLDAP and dynalogin (two-factor auth with HOTP)
Next by Date: Problems with openLDAP + GSSAPI + JAVA
Index(es):
- Chronological
- Thread