On Wed, Jul 31, 2019 at 11:02:55AM -0400, Greg Veldman wrote:
> On Wed, Jul 31, 2019 at 03:25:21PM +0100, Howard Chu wrote:
> > I've been looking for a way to support the hashing callbacks. Without them, this won't be accepted.
> > Easiest at this point is simply to define a character (maybe space, or tab) as a delimiter between seed and password.
> Thanks Howard. I was trying to stay away from that as it would make it somewhat confusing to use that character, but if you think it's OK to implement that way I'll give it a shot. I'll just make sure it's well documented in the manpage as well...
v3 of the patch is available, which includes hashing functions and documents the expected input format when using those functions. I don't have the updated module on any of my servers yet, but running slappasswd from my build directory does seem to yield the same results as the non-password versions:
$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1}"
New password:
Re-enter new password:
{TOTP1}GAYA====

$ ../../../../servers/slapd/slappasswd -T passwd -o module-load=`pwd`/.libs/pw-totp.so -h "{TOTP1ANDPW}"
New password:
Re-enter new password:
{TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio
This is using an OTP seed of 00 and a password of foo
https://scinet.supercomputing.org/~gv/slapd-totp-v3.txt
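
The {TOTP1ANDPW} value shown above, taken apart as an added example (not code from the patch or from OpenLDAP). It assumes the `|` seen in the slappasswd output separates the base32 seed from an ordinary {SSHA} hash, and that {TOTP1} means RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits; the function names are hypothetical.

```python
import base64, hashlib, hmac, struct, time

# Value printed by slappasswd in the message above.
STORED = "{TOTP1ANDPW}GAYA====|{SSHA}Qo6WiIWWsWohlwZSo9oQkImKvSNArGio"

def parse_totp_andpw(value):
    """Split a {TOTP1ANDPW} value into (raw seed bytes, embedded password hash)."""
    scheme, brace, rest = value.partition("}")
    if scheme != "{TOTP1ANDPW" or not brace:
        raise ValueError("not a {TOTP1ANDPW} value")
    seed_b32, bar, pw_hash = rest.partition("|")  # assumed layout: seed|hash
    if not bar or not pw_hash:
        raise ValueError("missing '|' delimiter or password hash")
    return base64.b32decode(seed_b32), pw_hash

def ssha_parts(pw_hash):
    """Return (digest, salt) from an {SSHA} value: base64(SHA1(pw + salt) + salt)."""
    if not pw_hash.startswith("{SSHA}"):
        raise ValueError("embedded hash is not {SSHA}")
    raw = base64.b64decode(pw_hash[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    return raw[:20], raw[20:]

def check_ssha(pw_hash, password):
    """Constant-time comparison of a candidate password against the {SSHA} part."""
    digest, salt = ssha_parts(pw_hash)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def totp(seed, unix_time, step=30, digits=6):
    """RFC 6238 code for the seed (parameters are assumptions, see lead-in)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    seed, pw_hash = parse_totp_andpw(STORED)
    digest, salt = ssha_parts(pw_hash)
    print("seed bytes:", seed, "salt length:", len(salt))
    print("password 'foo' matches:", check_ssha(pw_hash, b"foo"))
    print("current code:", totp(seed, time.time()))
```
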