[Date Prev][Date Next] [Chronological] [Thread] [Top]

OTP broken?

To: openldap-technical@openldap.org
Subject: OTP broken?
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Fri, 6 Nov 2015 08:55:34 +0000
Content-disposition: inline
User-agent: Mutt/1.5.23 (2014-03-12)

Hello

It seems OTP was broken at some time, I wonder if it is just me (and why),
or if it is more genral. I have a user with:
cmusaslsecretOTP: sha1    0499    se2124  xxxxxxxxxxxxxxxx        00000000

slapd.conf contains:
access to dn.regex="^uid=.+,dc=example,dc=net$" attrs=cmusaslsecretOTP
    by anonymous auth stop
    by self write stop
    by * none stop

I try:
$ ldapwhomai -Y OTP -X dn:${user_dn}
SASL/OTP authentication started
(delay)
ldap_sasl_interactive_bind_s: Server is unavailable (52)
        additional info: SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted

This is:
OpenLDAP 2.4.42
Cyrusl SASL 2.1.26

While there, this uses sha1. Is there some new specs about doing 
it with sha256? Patching cyrus-sasl to add a new hashing algorithme 
is just a one liner.

-- 
Emmanuel Dreyfus
manu@netbsd.org

Follow-Ups:
- Re: OTP broken?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: OTP broken?
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: OTP broken?
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: RE: Antw: accesslog purge starves kerberos kdc authentications
Next by Date: Re: OTP broken?
Index(es):
- Chronological
- Thread