> IMO, OTP is inherently incompatible with replicas because a client can > authenticate to each replica with what is intended to be a one time > password. The only way to preclude this is, as was basically suggested, > is to chain it to the master such that each password can only be used one > time.
I have an "easy" fix in this direction; however, I stumbled into another issue: if slapo-chain(5) gets involved in an internal operation, it does not honor custom callbacks registered for the internal operation, and rather attempts to return the result to the caller. As a consequence, I need to address this issue first, before solving the original one. p.
