HI!

In another lightning talk (15 min.) I could present an approach for using a LDAP server directly as OATH-HOTP backend using yubikey as 2nd factor for a simple bind request.

A current implementation uses OpenLDAP's back-sock used as overlay to intercept the bind requests and pass them to an external process which does the OTP validation.

Challenges in a two-tier replication setup up are briefly discussed.

If requested a longer talk (45 min.) could shed some lights on security aspects and development of a secure enrollment process and implementation.

Ciao, Michael.