Hello
It seems OTP was broken at some time. I wonder if it is just me (and why), or if it is more general. I have a user with:

    cmusaslsecretOTP: sha1 0499 se2124 xxxxxxxxxxxxxxxx 00000000

slapd.conf contains:

    access to dn.regex="^uid=.+,dc=example,dc=net$" attrs=cmusaslsecretOTP
        by anonymous auth stop
        by self write stop
        by * none stop

I try:

    $ ldapwhoami -Y OTP -X dn:${user_dn}
    SASL/OTP authentication started
    (delay)
    ldap_sasl_interactive_bind_s: Server is unavailable (52)
        additional info: SASL(-8): transient failure (e.g., weak key): simultaneous OTP authentications not permitted

This is:

    OpenLDAP 2.4.42
    Cyrus SASL 2.1.26

While there, this uses sha1. Are there any new specs about doing it with sha256? Patching cyrus-sasl to add a new hashing algorithm is just a one-liner.