archiecobbs / mod-authn-otp

Apache module for one-time password authentication
Apache License 2.0

Adding possibility to check PIN against SASLauthd rather than users_file #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
First thanks a lot for your work.
Second, we use your work for securing the external access to our intranet. 
We use an ldap directory for all the accounts.
Inside users are authenticated/authorized with mod_authnz_ldap, but outside 
users need now to connect with user / original password + OTP.
My problem was to keep the password in the users_file synchronized with our ldap 
directory, so I made a small patch which adds the functionality to check the PIN 
code as the password with saslauthd.

For doing that I added 2 config settings:
OTPSASLPwdCheck On enables the PIN checking against saslauthd
   default value Off -PIN checking is with users files

OTPSASLRunDir contains the path of the saslauthd unix socket "mux"
   default value to /var/run/sasl2 which is the correct path for openSUSE 11.3

Currently in the users file you can put what you want in the PIN field (except 
obviously "-"); personally I use "SASL". Note that the length is not important.

I attach my patch, after applying it you need to do a:
touch ChangeLog
touch AUTHORS
autoreconf -fi
before building the mod_authn_otp.so module

I attached the patch and the src.rpm for openSUSE 11.3 

Original issue reported on code.google.com by gronan.r...@gmail.com on 17 Mar 2011 at 8:52

Attachments:
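
The check described in the comment above sends the user name and PIN to saslauthd over its "mux" unix socket. The following is an added example, not the attached patch and not code from mod_authn_otp: it shows the counted-string framing of a saslauthd request (login, password, service, realm, each with a 2-byte big-endian length) and a fail-closed parse of the reply. The function names and the service name "apache" used in testing are assumptions; connecting to the socket is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Append one counted string: 2-byte big-endian length, then the bytes. */
static int put_field(uint8_t *buf, size_t cap, size_t *off, const char *s)
{
    size_t n = strlen(s);
    if (n > UINT16_MAX || *off > cap || cap - *off < n + 2)
        return -1;                      /* would truncate or overflow */
    buf[(*off)++] = (uint8_t)(n >> 8);
    buf[(*off)++] = (uint8_t)(n & 0xff);
    memcpy(buf + *off, s, n);
    *off += n;
    return 0;
}

/* Build a saslauthd request: login, password, service, realm.
 * Returns the request length, or -1 if any field does not fit. */
long sasl_build_request(uint8_t *buf, size_t cap, const char *login,
                        const char *password, const char *service,
                        const char *realm)
{
    size_t off = 0;
    if (put_field(buf, cap, &off, login) || put_field(buf, cap, &off, password) ||
        put_field(buf, cap, &off, service) || put_field(buf, cap, &off, realm))
        return -1;
    return (long)off;
}

/* Parse a reply (2-byte length + text). Returns 1 only for a well-formed
 * reply that starts with "OK"; anything else, including short or
 * inconsistent data, is treated as a rejection (fail closed). */
int sasl_reply_ok(const uint8_t *reply, size_t len)
{
    if (len < 2)
        return 0;
    size_t n = ((size_t)reply[0] << 8) | reply[1];
    if (n < 2 || n > len - 2)
        return 0;
    return memcmp(reply + 2, "OK", 2) == 0;
}
```

Rejecting oversized fields instead of truncating them matters here, because a silently shortened password would be checked against the directory as a different credential.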

GoogleCodeExporter commented 9 years ago
This is now fixed in version 1.1.2 via the new OTPAuthPINAuthProvider 
configuration directive. There is a mod_authn_sasl out there that will then do 
what you want: http://mod-authn-sasl.sourceforge.net/

Original comment by archie.c...@gmail.com on 22 Mar 2011 at 10:56