[Tickets #11076] One Time Password Module Implementation - request for comment

bugs at horde.org bugs at horde.org
Wed Mar 14 08:53:57 UTC 2012 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11076
------------------------------------------------------------------------------
  Ticket             | 11076
  Created By         | c.denis at mrduck.fr
  Summary            | One Time Password Module Implementation - request for
                     | comment
  Queue              | Horde Framework Packages
  Version            | Git develop
  Type               | Enhancement
  State              | New
  Priority           | 1. Low
  Milestone          |
  Patch              | 1
  Owners             |
------------------------------------------------------------------------------


c.denis at mrduck.fr (2012-03-14 08:53) wrote:

Dear Dev-Team,

as announced in #10980, I am trying to provide a first version of a  
hash-chain implementation for one time passwords. This is my personal  
reason why I would need the Dual_Auth module described previously.  
Nevertheless the modules are both fully functional on their own.

With this otp module a user can log in to horde with another password  
every time and thus protect his credentials if he has to log in from  
an untrusted location such as an airport internet terminal.

ATM this uses the same table as Auth_Sql (horde_users) with two  
additional fields. If requested this can of course be changed to use  
its own table.
ALTER TABLE `horde_users` ADD `hash_chain_pwd` VARCHAR( 60 ) NOT NULL
ALTER TABLE `horde_users` ADD `hash_chain_index` INT( 50 ) NOT NULL

I am posting this at this state mainly to get feedback on the idea and  
the implementation. I am by all means willing to improve it from a  
security, architectural,  or even style point of view.

Further additions in terms of support in the passwd application,  
warnings when the password list runs empty and integration in the  
configuration page are planned if this is of common interest.

Any comment is appreciated.
Best regards,
Carl



c.denis at mrduck.fr (2012-03-14 08:53) uploaded: otp.patch

http://bugs.horde.org/h/services/download/?module=whups&actionID=download_file&file=otp.patch&ticket=11076&fn=%2Fotp.patch

More information about the bugs mailing list