On Tuesday 30 October 2007 12:40:38 hadmut(a)danisch.de wrote:
Full_Name: Hadmut Danisch
Version: 2.3.38
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (85.180.64.93)
Hi,
that's a feature request:
Sometimes it is necessary to use other authentication methods than the
regular password login. E.g. when using an insecure computer in an internet
cafe to log in to a web mail frontend, which accesses an imap server,
which authenticates against LDAP. It would require to authenticate through
one-time-passwords, HTTP-Cookies or other unusual methods.
Actually, SASL provides a way to use other methods like One-time-passwords,
but is still too limited and there are too many programs (LDAP clients) out
there that don't support sasl authentication.
So wouldn't the existing {SASL} scheme for userPassword (which allows a simple
bind to be authenticated against a SASL identity) be sufficient?
Therefore it would be nice if slapd could be configured to do the password
checking over some external plugin or program, which could do any sort of
unusual checking.
This way a user could enter a one time password just as a normal LDAP login
password, and pass it through the chain of programs, e.g. mailclient -
maildaemon - LDAP or
browser - webmailer - imap - LDAP.
Well, any implementation of this would have the same problems of the existing
{SASL} scheme, of losing some of the security SASL provides.
Regards,
Buchan
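
For reference, an added illustration (not part of either message) of the {SASL} userPassword scheme mentioned in the reply, as set up for OpenLDAP pass-through authentication. The DN, uid, realm and socket path are placeholders, and it assumes slapd was built with --enable-spasswd and that saslauthd is running.

```ldif
# Constructed entry: the DN, uid and realm below are placeholders.
# A userPassword value starting with {SASL} makes slapd hand the password from
# a simple bind to Cyrus SASL, which checks it against the identity named after
# the scheme, instead of comparing it with a hash stored in the directory.
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: J Doe
sn: Doe
uid: jdoe
userPassword: {SASL}jdoe@EXAMPLE.COM

# Cyrus SASL settings that slapd reads for this check. They live in a separate
# file named slapd.conf in the SASL configuration directory, not in slapd's
# own configuration file:
#
#   pwcheck_method: saslauthd
#   saslauthd_path: /var/run/saslauthd/mux   (assumed path, varies by distribution)
#
# saslauthd then verifies the password with the backend it was started with
# (for example "saslauthd -a pam").
#
# The client still sends the password itself in the simple bind, so every hop
# in the chain (webmailer, imap server, slapd) sees it in clear text; the
# protections of a native SASL mechanism do not apply, and each connection
# needs TLS to keep the password off the wire.
```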