
OTP broken?



Hello

It seems OTP was broken at some time; I wonder if it is just me (and why),
or if it is more general. I have a user with:
cmusaslsecretOTP: sha1    0499    se2124  xxxxxxxxxxxxxxxx        00000000

slapd.conf contains:
access to dn.regex="^uid=.+,dc=example,dc=net$" attrs=cmusaslsecretOTP
    by anonymous auth stop
    by self write stop
    by * none stop

I try:
$ ldapwhoami -Y OTP -X dn:${user_dn}
SASL/OTP authentication started
(delay)
ldap_sasl_interactive_bind_s: Server is unavailable (52)
        additional info: SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted

This is:
OpenLDAP 2.4.42
Cyrus SASL 2.1.26

While there, this uses sha1. Are there some new specs about doing
it with sha256? Patching cyrus-sasl to add a new hashing algorithm
is just a one-liner.

-- 
Emmanuel Dreyfus
manu@netbsd.org