Emmanuel Dreyfus manu@netbsd.org wrote:
The cmusaslsecretOTP attribute does not seem to be used at all. I used a schema from draft-melnikov-sasl-auxprop-attrs-00.txt, is that wrong?
I found the problem: the authz-regex rule was bad: there is no realm for OTP. This improves the situation a lot, and cmusaslsecretOTP is used:
authz-regexp uid=([^,]*),cn=otp,cn=auth ldap:///o=home?sub?(uid=$1)
$ ldapsearch -Y OTP -U user uid=user
SASL/OTP authentication started
Challenge: otp-md5 498 bo8615 ext
Next stage is to actually use it: setting cmusaslsecretOTP properly and validating the OTP.
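
The validation step mentioned above, as an added example that is not part of the original message and is not Cyrus SASL or OpenLDAP code: it parses the challenge shown in the transcript, computes the RFC 2289 MD5 one-time password a client would send, and checks it the way an RFC 2289 server does. The pass phrase is constructed, the function names are hypothetical, and the encoding of the cmusaslsecretOTP value itself is not modelled.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5 the input and fold the 128-bit digest to 64 bits (RFC 2289, Appendix A)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: the one-time password for sequence number `count`."""
    # The seed is case-insensitive, is lower-cased, and goes before the pass phrase.
    otp = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):
        otp = fold_md5(otp)
    return otp

def parse_challenge(line: str):
    """Split 'otp-md5 498 bo8615 ext' into (algorithm, sequence, seed)."""
    fields = line.split()
    if len(fields) < 3 or not fields[0].startswith("otp-"):
        raise ValueError("not an OTP challenge: %r" % line)
    return fields[0][4:], int(fields[1]), fields[2]

def verify(stored: bytes, response: bytes) -> bool:
    """Server side: one more hash step over the response must equal the stored OTP."""
    return hmac.compare_digest(fold_md5(response), stored)

if __name__ == "__main__":
    challenge = "otp-md5 498 bo8615 ext"      # challenge from the transcript above
    passphrase = "constructed pass phrase"    # constructed sample secret
    algo, seq, seed = parse_challenge(challenge)
    # Assumption (RFC 2289 model): the server holds the OTP for sequence seq + 1.
    stored = otp_md5(passphrase, seed, seq + 1)
    response = otp_md5(passphrase, seed, seq)
    print(algo, seq, seed, response.hex(), verify(stored, response))
    # After a successful check the server replaces `stored` with `response`
    # and decrements its sequence number, so a replayed response no longer verifies.
```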