26 Jun
2015
26 Jun
'15
23:50
HI!
In another lightning talk (15 min.) I could present an approach for using a LDAP server directly as OATH-HOTP backend using yubikey as 2nd factor for a simple bind request.
A current implementation uses OpenLDAP's back-sock used as overlay to intercept the bind requests and pass them to an external process which does the OTP validation.
Challenges in a two-tier replication setup up are briefly discussed.
If requested a longer talk (45 min.) could shed some lights on security aspects and development of a secure enrollment process and implementation.
Ciao, Michael.