Re: Support OTP

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: Dave Macias <davama [at] gmail.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Support OTP
Date: Sun, 10 Mar 2019 16:25:11 +0100

On Thu, 2019-03-07 at 11:22 -0500, Dave Macias wrote:
> Any thoughts of including otp ?
> 
> https://symas.com/two-factor-authentication-everywhere/
> https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/totp

If I read it correctly, both solutions replace the password
authentication that is done by OpenLDAP with OATH TOTP or HOTP
authentication.

In that sense it is still not two-factor authentication (there is still
one factor but it is not a password).

I think both solutions should already be compatible with nss-pam-ldapd
because they both support authentication using the BIND operation.

The most common way of setting up two-factor authentication is by using
PAM and have one module for validating the password and one for
validating the OTP.

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

Support OTP, Dave Macias
- Re: Support OTP, Arthur de Jong

Prev by Date: Support OTP
Next by Date: Re: pam password changing
Previous by thread: Support OTP
Next by thread: Re: Support OTP