On Fri, Jul 19, 2019 at 02:30:48PM -0400, Greg Veldman wrote:

I'll submit an updated patch shortly to fix this, as well as some documentation updates for issues pointed out.

I have generated an updated version of the patch, with the following changes from the original:

- Avoid the side effects of short-circuit &&

- Point out the need for one initial authentication in the current window to verify clocks before the previous window logic kicks in

- Document as a bug the lack of hash functions for the new schemes

Updated patch:

https://scinet.supercomputing.org/~gv/slapd-totp-v2.txt