Re: OTP broken?

Dieter Klünter wrote: > Am Fri, 6 Nov 2015 08:55:34 +0000 > schrieb Emmanuel Dreyfus <manu(a)netbsd.org&gt;: > >> Hello >> >> It seems OTP was broken at some time, I wonder if it is just me >> (and why), or if it is more genral. I have a user with: >> cmusaslsecretOTP: sha1 0499 se2124 xxxxxxxxxxxxxxxx >> 00000000 >> >> slapd.conf contains: >> access to dn.regex="^uid=.+,dc=example,dc=net$" >> attrs=cmusaslsecretOTP by anonymous auth stop >> by self write stop >> by * none stop >> >> I try: >> $ ldapwhomai -Y OTP -X dn:${user_dn} >> SASL/OTP authentication started >> (delay) >> ldap_sasl_interactive_bind_s: Server is unavailable (52) >> additional info: SASL(-8): transient failure (e.g., weak >> key): simultaneous OTP authentications not permitted >> >> This is: >> OpenLDAP 2.4.42 >> Cyrusl SASL 2.1.26 > > If you are referring to sasl-OTP, which requires opiekey, this is > still working, > > https://sys4.de/de/blog/2014/04/15/one-time-password-system-network-based... > > On the other hand, there is a Time based OTP module in > contrib/slapd-modules/passwd/otpt which is broken, although i use > google authenticator and alternatively sophos authenticator. The passwd/totp module is a slapd password-hash mechanism and has nothing to do with SASL. It also works perfectly with google authenticator, what makes you say it's broken?