Hi Quanah,
On 05.06.21 at 22:11, Quanah Gibson-Mount wrote:
--On Saturday, June 5, 2021 4:27 PM +0200 Stefan Kania stefan@kania-online.de wrote:
Hello,
I am trying to set up TOTP1 and TOTP1ANDPW as the password hash. I use Debian 10 with kernel 5.9 from the backports. As OpenLDAP I use 2.5.5. I set up everything via Ansible. My configure options are:
root@ldap25-p01:/opt/openldap-2.5.5/servers/slapd
Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({TOTP1})
Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found
Jun 05 15:24:52 ldap25-p01 slapd[16210]: config error processing cn=config: <olcPasswordHash> no valid hashes found
Hm, I've only ever used the OTP module that ships as a core part of OpenLDAP 2.5:
Personally I'd combine that with ARGON2 password hashes for secure password hash storage + 2 Factor auth.
I have not tried this one yet, I will give it a try next week.
Stefan
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com