On 15.05.2018 at 19:06, Michael Ströder wrote:
Douglas Duckworth wrote:
Does OpenLDAP support use of one time passwords or 2FA for the Manager
account?
There are several solutions:
1. contrib/slapd-modules/passwd/totp/
A proof of concept overlay which AFAICS replaces checking a normal password
by checking a generated TOTP value. So not really 2FA.
But certainly OTP, which is part of the original question. Unfortunately
Google Authenticator only uses 6 digits. With a longer input, OTP is
sufficiently strong for most authentication purposes all by itself, no need
for a 2nd factor. (See S/Key, OPIE)
2. OATH HOTP LDAP Plugin by cargosoft.ru
Sorry, I only found a Russian site: http://cargosoft.ru/ru/rm/113/115
I never checked this myself anyway and therefore can't comment.
3. OATH-LDAP
Most flexible solution but hard to set up, especially since not fully
documented yet. It's currently directly integrated into Æ-DIR but could be
used stand-alone. Being the author I'm biased of course.
Ciao, Michael.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/