Re: OTP broken?

Am Fri, 6 Nov 2015 08:55:34 +0000 schrieb Emmanuel Dreyfus <manu(a)netbsd.org&gt;: > Hello > > It seems OTP was broken at some time, I wonder if it is just me (and > why), or if it is more genral. I have a user with: > cmusaslsecretOTP: sha1 0499 se2124 xxxxxxxxxxxxxxxx > 00000000 > > slapd.conf contains: > access to dn.regex="^uid=.+,dc=example,dc=net$" attrs=cmusaslsecretOTP > by anonymous auth stop > by self write stop > by * none stop > > I try: > $ ldapwhomai -Y OTP -X dn:${user_dn} > SASL/OTP authentication started > (delay) > ldap_sasl_interactive_bind_s: Server is unavailable (52) > additional info: SASL(-8): transient failure (e.g., weak > key): simultaneous OTP authentications not permitted > > This is: > OpenLDAP 2.4.42 > Cyrusl SASL 2.1.26 If you are referring to sasl-OTP, which requires opiekey, this is still working, https://sys4.de/de/blog/2014/04/15/one-time-password-system-network-based... On the other hand, there is a Time based OTP module in contrib/slapd-modules/passwd/otpt which is broken, although i use google authenticator and alternatively sophos authenticator.