On Fri, 11 Jul 2014, Nathaniel McCallum wrote:
> This prevents the reuse of TOTP tokens by recording the last token
> interval that was used. This will be replicated as normal. However,
> this patch does not increase the number of writes to the database
> in the standard authentication case. This is because it also
> eliminates an unnecessary write during authentication. Hence, this
> patch should be write-load neutral with the existing code.
> Further performance enhancement is desired, but is outside the
> scope of this patch.

ACK. I've tested it with successive LDAP binds with a TOTP token, and only
the first attempt to bind was successful with the same TOTP code.
/ Alexander Bokovoy
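
The reuse check described in the quoted commit message, as an added example (not the FreeIPA patch or code from this thread): a TOTP verifier that stores the last accepted interval and refuses any code at or before it. `TokenState`, `verify`, `STEP` and `WINDOW` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

STEP = 30    # seconds per token interval (assumed; the RFC 6238 default)
WINDOW = 1   # intervals of clock skew accepted on each side (assumed)


@dataclass
class TokenState:
    """Hypothetical per-token record; last_interval is the stored watermark."""
    key: bytes
    last_interval: int = -1


def totp(key: bytes, interval: int, digits: int = 6) -> str:
    """RFC 4226 HOTP computed over the time-interval counter (RFC 6238)."""
    mac = hmac.new(key, struct.pack(">Q", interval), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(state: TokenState, code: str, now: float) -> bool:
    """Accept a code only for an interval newer than the last one accepted."""
    current = int(now) // STEP
    for interval in range(current - WINDOW, current + WINDOW + 1):
        if interval <= state.last_interval:
            continue  # this interval, or a later one, was already consumed
        expected = totp(state.key, interval).encode()
        if hmac.compare_digest(expected, code.encode()):
            state.last_interval = interval  # only write made, and only on success
            return True
    return False  # failed attempts leave the stored state untouched


if __name__ == "__main__":
    # Constructed sample: RFC 6238 SHA-1 test key at t = 59 s (interval 1).
    token = TokenState(key=b"12345678901234567890")
    code = totp(token.key, 59 // STEP)
    print(verify(token, code, 59))  # first bind with this code
    print(verify(token, code, 59))  # same code presented again
```

Because the watermark only moves forward, a code for an earlier interval inside the skew window is also refused once a later interval has been accepted.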