18 Jun
2021
18 Jun
'21
5:17 a.m.
On 6/18/21 2:00 PM, Stefan Kania wrote:
Am 17.06.21 um 23:51 schrieb Michael Ströder:
Using the old totp module is a waste of time.
ok ok ok :-) I now used the otp module together with argon2 als password, and it's running.
The really huge advantage of slapo-otp is that you manage userPassword and oathSecret separately, e.g. protected by different ACLs for authorizing different roles.
But why, if it's old and not working, is pw-totp still part of 2.5.
AFAIK this old implementation was a PoC and is therefore located in contrib/ just like any other stuff not officially supported. It's not built by default.
In my own packages I only build selected contrib modules. totp is not among those modules.
Ciao, Michael.