On Thu, Jul 18, 2019 at 08:32:22PM +0100, Howard Chu wrote: > it doesn't support setting > the password using the PasswordModify exop. That seems to imply that users are > required to generate their passwords using some other tool, and set them > using a > normal Modify op, but doing so is deprecated.
That is correct. > Password changes should only be done > using the PasswordModify exop. I wasn't sure how to do this. My implementation is essentially two password checks in one, so I need a way to tell the data apart. For the check functions this was easy as the OTP key is stored base32 encoded, and the DELIM character should not appear in a base32 string. For actual password input, I don't think I can make that assumption. I think the safest way to hash this scheme would be to have two separate input prompts, but I didn't see in the existing code a provision for this. It's possible I wasn't looking in the right places. If you have any suggestions I'd be happy to try writing that code. -- Greg Veldman IT Infrastructure Services, Purdue University [email protected] | (765)-496-2456
