Hi
Anyone had success with SASL OTP? A quick search yields attempts using sasldb or a cmusaslsecretOTP attribute. I tried both but with little success.
If the authenticating user is in saslauthdb (inserted with saslpasswd2 -c user), slapd seems to fail finding it. I do an ldapsearch -Y OTP -U user uid=user
On the very first attempt:

SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: Error putting OTP secret
conn=40 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: Error putting OTP secret

On next attempts, the behavior is different:

SASL [conn=33] Failure: no user in db
SASL [conn=33] Failure: no user in db
(many many more)
SASL [conn=33] Failure: simultaneous OTP authentications not permitted
conn=33 op=0 RESULT tag=97 err=52 text=SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted

If I remove it from the database (saslpasswd2 -d user):

SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no user in db
SASL [conn=34] Failure: no OTP secret in database
conn=34 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no OTP secret in database
The cmusaslsecretOTP attribute does not seem to be used at all. I used a schema from draft-melnikov-sasl-auxprop-attrs-00.txt, is that wrong?
attributetype ( 1.3.6.1.4.1.3.8.1.1.3 NAME 'cmusaslsecretOTP' DESC 'OTP secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
(...)
objectclass ( 1.3.6.1.4.1.3.8.1.2.1 NAME 'cmuSaslUser' SUP top AUXILIARY MAY ( userPassword $ cmusaslsecretCRAM-MD5 $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretOTP $ cmusaslsecretSRP) )
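To make the three failure modes above easier to tell apart in a busy slapd log, here is a small log summarizer written as an added example (not code from the poster or from OpenLDAP). It groups the "SASL [conn=N] Failure:" lines by connection, attaches the final RESULT line with its LDAP and SASL codes, and flags connections that ended in the OTP mechanism's "simultaneous OTP authentications" lock error. The sample log is constructed from the message shapes quoted in the post; the LDAP result names are the RFC 4511 names for codes 49, 52 and 80.

```python
import re
from collections import defaultdict

# Constructed sample, reproducing the slapd message shapes quoted in the post.
SAMPLE_LOG = """\
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: no user in db
SASL [conn=40] Failure: Error putting OTP secret
conn=40 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: Error putting OTP secret
SASL [conn=33] Failure: no user in db
SASL [conn=33] Failure: simultaneous OTP authentications not permitted
conn=33 op=0 RESULT tag=97 err=52 text=SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted
SASL [conn=34] Failure: no OTP secret in database
conn=34 op=0 RESULT tag=97 err=49 text=SASL(-13): user not found: no OTP secret in database
"""

FAILURE_RE = re.compile(r"^SASL \[conn=(\d+)\] Failure: (.*)$")
# tag=97 is the bindResponse; text carries the SASL code and its message.
RESULT_RE = re.compile(r"^conn=(\d+) op=\d+ RESULT tag=97 err=(\d+) text=SASL\((-?\d+)\): (.*)$")

# RFC 4511 names for the LDAP result codes that appear in the post.
LDAP_RESULT_NAMES = {49: "invalidCredentials", 52: "unavailable", 80: "other"}


def summarize_sasl_binds(log_text):
    """Group SASL failure lines per connection and attach the bind's final result.

    Returns {conn_id: {"failures": [...], "err": int, "ldap_result": str,
                       "sasl_code": int, "text": str}}.
    """
    conns = defaultdict(lambda: {"failures": [], "err": None, "ldap_result": None,
                                 "sasl_code": None, "text": None})
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if m:
            conns[int(m.group(1))]["failures"].append(m.group(2))
            continue
        m = RESULT_RE.match(line)
        if m:
            c = conns[int(m.group(1))]
            c["err"] = int(m.group(2))
            c["ldap_result"] = LDAP_RESULT_NAMES.get(c["err"], "unknown")
            c["sasl_code"] = int(m.group(3))
            c["text"] = m.group(4)
    return dict(conns)


def otp_lock_suspected(summary):
    """Connections rejected because the OTP mechanism found the user's secret still locked."""
    return sorted(c for c, s in summary.items()
                  if s["text"] and "simultaneous OTP" in s["text"])
```

Running it over a real slapd log (loglevel including stats) shows, per connection, whether a bind failed while storing the secret (err=80), hit the lock (err=52), or found no secret at all (err=49).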