OTP broken?
Hello
It seems OTP was broken at some time. I wonder if it is just me (and why),
or if it is more general. I have a user with:
cmusaslsecretOTP: sha1 0499 se2124 xxxxxxxxxxxxxxxx 00000000
slapd.conf contains:
access to dn.regex="^uid=.+,dc=example,dc=net$" attrs=cmusaslsecretOTP
        by anonymous auth stop
        by self write stop
        by * none stop
I try:
$ ldapwhoami -Y OTP -X dn:${user_dn}
SASL/OTP authentication started
(delay)
ldap_sasl_interactive_bind_s: Server is unavailable (52)
additional info: SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted
This is:
OpenLDAP 2.4.42
Cyrus SASL 2.1.26
While there, this uses sha1. Are there some new specs about doing
it with sha256? Patching cyrus-sasl to add a new hashing algorithm
is just a one-liner.
--
Emmanuel Dreyfus
manu@netbsd.org