lists.arthurdejong.org
RSS feed

Re: Support OTP

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Support OTP



On Thu, 2019-03-07 at 11:22 -0500, Dave Macias wrote:
> Any thoughts of including otp ?
> 
> https://symas.com/two-factor-authentication-everywhere/
> https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/totp

If I read it correctly, both solutions replace the password
authentication that is done by OpenLDAP with OATH TOTP or HOTP
authentication.

In that sense it is still not two-factor authentication (there is still
one factor but it is not a password).

I think both solutions should already be compatible with nss-pam-ldapd
because they both support authentication using the BIND operation.

The most common way of setting up two-factor authentication is by using
PAM and have one module for validating the password and one for
validating the OTP.

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/