Re: OTP or 2FA for Manager Account?
- To: Dave Macias <davama@gmail.com>, openldap-technical@openldap.org
- Subject: Re: OTP or 2FA for Manager Account?
- From: Michael Ströder <michael@stroeder.com>
- Date: Wed, 16 May 2018 15:25:14 +0200
- In-reply-to: <CA+nFYV8RMChaN9dBcmxcNgWo=FK2gzpD2K67wG4o96ydyTpgRA@mail.gmail.com>
- Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
- References: <CAAKHBKkiN932dxnZUtNxhaSUmD4eHHHxdDxxdbsRCA1U=HPS9w@mail.gmail.com> <96c7a190-22f8-b10b-777f-318df7a46218@stroeder.com> <9d3c4856-6672-76c8-c6b7-dc4eee478d77@daasi.de> <CA+nFYV8RMChaN9dBcmxcNgWo=FK2gzpD2K67wG4o96ydyTpgRA@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 SeaMonkey/2.49.3
Dave Macias wrote:
> I too have been wondering about TOTP with openldap but always found it
> hard to find documentation on it. Any chance to have this documented?
> Don't see it in the site
Which of the three solutions / sites do you mean?
Ciao, Michael.
> On Wed, May 16, 2018 at 7:23 AM Peter <peter.gietz@daasi.de
> <mailto:peter.gietz@daasi.de>> wrote:
>
> Hi Michael,
>
> Thanks for this summary, to which I can only add the English page of the
> Russian activity:
>
> http://cargosoft.ru/en/rm/118/119
>
> Cheers,
>
> Peter
>
>
>
> On 15.05.2018 at 19:06, Michael Ströder wrote:
> > Douglas Duckworth wrote:
> >> Does OpenLDAP support use of one time passwords or 2FA for the Manager
> >> account?
> >
> > There are several solutions:
> >
> > 1. contrib/slapd-modules/passwd/totp/
> > A proof of concept overlay which AFAICS replaces checking a normal
> > password by checking a generated TOTP value. So not really 2FA.
> >
> > 2. OATH HOTP LDAP Plugin by cargosoft.ru <http://cargosoft.ru>
> > Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
> > I never checked this myself anyway and therefore can't comment.
> >
> > 3. OATH-LDAP
> > Most flexible solution but hard to set up, especially since not fully
> > documented yet. It's currently directly integrated into Æ-DIR but
> > could be used stand-alone. Being the author I'm biased of course.
> >
> > Ciao, Michael.
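
Added example, not part of the thread and not the code of any of the three listed solutions: a Python sketch of the distinction drawn in item 1 of the quoted summary, where an OTP check that replaces the password check is still one factor, while requiring password and OTP together is two. The entry layout, the function names and the "password followed by 6-digit OTP" credential format are assumptions made for illustration; the secret is the RFC 6238 test key.

```python
import hashlib, hmac, struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_ok(secret: bytes, value: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Accept the current time step plus/minus `window` steps of clock drift."""
    times = [at + d * step for d in range(-window, window + 1)]
    return any(hmac.compare_digest(totp(secret, t, step).encode(), value.encode())
               for t in times if t >= 0)

def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted password hash (PBKDF2-HMAC-SHA256), stands in for userPassword."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def bind_totp_only(entry: dict, credential: str, at: int) -> bool:
    """OTP replaces the password: one factor (possession of the shared secret)."""
    return otp_ok(entry["secret"], credential, at)

def bind_two_factor(entry: dict, credential: str, at: int, digits: int = 6) -> bool:
    """Credential is password + OTP (assumed format); both parts must verify."""
    password, otp = credential[:-digits], credential[-digits:]
    pw_good = hmac.compare_digest(pw_hash(password, entry["salt"]), entry["pw_hash"])
    otp_good = otp_ok(entry["secret"], otp, at)
    # Both checks always run, so a failure does not reveal which part was wrong.
    return pw_good and otp_good

# Constructed sample entry (hypothetical layout, not an LDAP schema).
ENTRY = {"secret": b"12345678901234567890", "salt": b"constructed-salt"}
ENTRY["pw_hash"] = pw_hash("correct horse", ENTRY["salt"])

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    code = totp(ENTRY["secret"], now)
    print("OTP alone, TOTP-only bind:  ", bind_totp_only(ENTRY, code, now))
    print("OTP alone, two-factor bind: ", bind_two_factor(ENTRY, code, now))
    print("password+OTP, two-factor:   ", bind_two_factor(ENTRY, "correct horse" + code, now))
```
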