--On Thursday, July 18, 2019 7:37 PM +0000 [email protected] wrote:
> - Allow the OTP from the previous time window to be accepted, provided
> there has been no successful bind in or after that time window. This
> avoids false authentication failures if for example the time window rolls
> over as the OTP is being entered or transmitted.

This should be a configuration item that is an integer value of the number of seconds to allow outside of the timeslice, with 0 meaning only the default time slice is allowed. Allowing people to authenticate outside of the time slice is of course a security issue and should not be allowed by default (so the default value of the parameter should be 0).

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
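
The behaviour discussed in this message, as an added example that is not part of the original message and is not OpenLDAP code: an RFC 6238 verifier whose grace setting defaults to 0 and which refuses any time window at or before the last successful bind. The names `TotpVerifier` and `grace_seconds` are hypothetical, and reading the setting as "seconds after rollover during which the previous window's OTP is still accepted" is an assumption.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time window (RFC 6238 default)
DIGITS = 6   # OTP length


def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1, RFC 4226 truncation) for one time window."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Hypothetical verifier; grace_seconds=0 accepts the current window only."""

    def __init__(self, secret: bytes, grace_seconds: int = 0):
        if not 0 <= grace_seconds <= STEP:
            raise ValueError("grace_seconds must be between 0 and STEP")
        self.secret = secret
        self.grace_seconds = grace_seconds
        self.last_step = -1  # newest window that produced a successful bind

    def verify(self, otp: str, now: int) -> bool:
        current = now // STEP
        candidates = [current]
        # The previous window is eligible only within grace_seconds of rollover.
        if self.grace_seconds and now % STEP < self.grace_seconds:
            candidates.append(current - 1)
        for step in candidates:
            # Replay guard: skip windows at or before the last successful bind.
            if step <= self.last_step:
                continue
            if hmac.compare_digest(totp(self.secret, step), otp):
                self.last_step = step
                return True
        return False
```
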
