Michael Ströder michael@stroeder.com schrieb am 18.06.2021 um 14:17 in
Nachricht db4c2fd2-4348-f801-e07a-32d2da9241f0@stroeder.com:
On 6/18/21 2:00 PM, Stefan Kania wrote:
Am 17.06.21 um 23:51 schrieb Michael Ströder:
Using the old totp module is a waste of time.
ok ok ok :-) I now used the otp module together with argon2 als password, and it's running.
The really huge advantage of slapo-otp is that you manage userPassword and oathSecret separately, e.g. protected by different ACLs for authorizing different roles.
But why, if it's old and not working, is pw-totp still part of 2.5.
AFAIK this old implementation was a PoC and is therefore located in contrib/ just like any other stuff not officially supported. It's not built by default.
IMHO obsolete PoCs should be one of: 1) flagged as obsolete 2) be updated to a newer version 3) be removed
Regards, Ulrich
In my own packages I only build selected contrib modules. totp is not among those modules.
Ciao, Michael.