On 3/10/19 4:25 PM, Arthur de Jong wrote:
> On Thu, 2019-03-07 at 11:22 -0500, Dave Macias wrote:
>> Any thoughts of including otp ?
> If I read it correctly, both solutions replace the password
> authentication that is done by OpenLDAP with OATH TOTP or HOTP
> authentication.

In the first link it's said:
"..they can use the token to log in alongside their usual password."

From my understanding, the user's password and the OTP are entered together as
the password for the LDAP simple bind request.

Same solution as my OATH-LDAP (and actually Symas is using OATH-LDAP's
schema for that).

> In that sense it is still not two-factor authentication (there is still
> one factor but it is not a password).

That's only true for contrib/slapd-modules/passwd/totp.

> I think both solutions should already be compatible with nss-pam-ldapd
> because they both support authentication using the BIND operation.


Ciao, Michael.
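
The combined credential discussed in the message above, as an added example that is not part of the original thread and is not OATH-LDAP or OpenLDAP code: a simple bind value carrying password plus OTP is split and both parts must verify, which is what makes it two factors rather than one. Assumptions: the OTP is a fixed 6-digit RFC 6238 TOTP appended after the password, the password is stored as a PBKDF2 hash, and the `ENTRY` fields and function names are hypothetical.

```python
import hashlib
import hmac
import struct

OTP_DIGITS = 6   # assumption: fixed-length OTP appended after the password
TIME_STEP = 30   # RFC 6238 default time step in seconds


def totp(secret: bytes, now: int, digits: int = OTP_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", max(0, now) // TIME_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_bind(credential: str, entry: dict, now: int) -> bool:
    """Accept the bind only if BOTH the password part and the OTP part verify."""
    if len(credential) <= OTP_DIGITS:
        return False  # nothing left over for the password factor
    password, otp = credential[:-OTP_DIGITS], credential[-OTP_DIGITS:]
    if not (otp.isascii() and otp.isdigit()):
        return False
    pw_ok = hmac.compare_digest(
        hash_password(password, entry["salt"]), entry["pw_hash"])
    # Tolerate one time step of clock drift in either direction.
    otp_ok = any(
        hmac.compare_digest(otp, totp(entry["totp_secret"], now + d * TIME_STEP))
        for d in (-1, 0, 1)
    )
    return pw_ok and otp_ok


# Constructed sample entry; the TOTP secret is the RFC 6238 test key.
ENTRY = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "totp_secret": b"12345678901234567890",
}
```

This sketch does not record used codes, so a real deployment would also need to reject a code that has already been accepted within its validity window.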

