Hi Quanah,

On 05.06.21 at 22:11, Quanah Gibson-Mount wrote:
>
>
> --On Saturday, June 5, 2021 4:27 PM +0200 Stefan Kania
> <ste...@kania-online.de> wrote:
>
>> Hello,
>>
>> I try to set up TOTP1 and TOTP1ANDPW as password hash. I use Debian 10
>> with Kernel 5.9 from the backports. As OpenLDAP I use 2.5.5. I set up
>> everything via Ansible. My configure-options are:
>>
>>
>> root@ldap25-p01:/opt/openldap-2.5.5/servers/slapd
>> Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0:
>> <olcPasswordHash> scheme not available ({TOTP1})
>> Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0:
>> <olcPasswordHash> no valid hashes found
>> Jun 05 15:24:52 ldap25-p01 slapd[16210]: config error processing
>> cn=config: <olcPasswordHash> no valid hashes found
>
> Hm, I've only ever used the OTP module that ships as a core part of
> OpenLDAP 2.5:
>
> <https://www.openldap.org/software/man.cgi?query=slapo-otp&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html>
>
>
> Personally I'd combine that with ARGON2 password hashes for secure
> password hash storage + 2 Factor auth.
>

I have not tried this one yet, I will give it a try next week.

Stefan

> Regards,
> Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html