[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and dynalogin (two-factor auth with HOTP)



Michael Ströder wrote:
Dimitri,

Dimitri wrote:
I've been working on a related problem recently, so this may sound
interesting to you. I've developed a SLAPI plugin that implements OATH
HOTP authentication as LDAP simple bind. Token objects are stored in
LDAP directory; synchronization is implemented as an EXOP. SLAPI
implementation in OpenLDAP lacked EXOP support, so I've fixed that, too
(and I'm going to submit a patch soon). The project is being prepared to
be published under an open license. If that sounds interesting for you,
don't hesitate to drop me an email.

I'm also planning to port this plugin to OpenLDAP's native overlay API.

I'm currently also working one something like that.
I'd also like to have a standardized schema.

Fyi, I've been working on a TOTP overlay the past few days. (Overlay and pw crypt mechanism.) Should be showing up in git this week.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/