On 6/18/21 2:00 PM, Stefan Kania wrote: > Am 17.06.21 um 23:51 schrieb Michael Ströder: >> Using the old totp module is a waste of time. > > ok ok ok :-) I now used the otp module together with argon2 als > password, and it's running.
The really huge advantage of slapo-otp is that you manage userPassword and oathSecret separately, e.g. protected by different ACLs for authorizing different roles. > But why, if it's old and not working, is pw-totp still part of 2.5. AFAIK this old implementation was a PoC and is therefore located in contrib/ just like any other stuff not officially supported. It's not built by default. In my own packages I only build selected contrib modules. totp is not among those modules. Ciao, Michael.
