URL:
<http://savannah.nongnu.org/support/?108895>
Summary: oath_authenticate_usersfile() read from HSM
Project: OATH Toolkit
Submitted by: nmav
Submitted on: Mon 05 Oct 2015 04:45:41 PM EEST
Category: None
Priority: 5 - Normal
Severity: 1 - Wish
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
I've recently modified the openconnect VPN server to use liboath for one time
passwords. Having seen however various HSMs like YubiHSM and
oath_authenticate_usersfile(), it seems straightforward to extend the
oath_authenticate_usersfile() to support HSMs. The API is high level allowing
to specify a userfile (which could be a URL similarly to PKCS #11 URLs), and
thus could accommodate for more than just files.
That would greatly extend the value of this library for server applications.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/support/?108895>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
