2-factor Authentication with OpenLDAP, OATH-HOTP and Yubikey

Axel Hoffmann

Abstract

In this lightning talk I present an approach for using an LDAP server directly as OATH-HOTP backend using Yubikey as 2nd factor for a simple bind request.

A current implementation uses OpenLDAP’s back-sock used as overlay to intercept the bind requests and pass them to an external process which does the OTP validation.

Challenges in a two-tier replication setup up are briefly discussed.

Presentation

2-FACTOR AUTHENTICATION WITH OPENLDAP, OATH-HOTP AND YUBIKEY – slides