>>> Michael Ströder <[email protected]> schrieb am 18.06.2021 um 14:17 in Nachricht <[email protected]>: > On 6/18/21 2:00 PM, Stefan Kania wrote: >> Am 17.06.21 um 23:51 schrieb Michael Ströder: >>> Using the old totp module is a waste of time. >> >> ok ok ok :-) I now used the otp module together with argon2 als >> password, and it's running. > > The really huge advantage of slapo-otp is that you manage userPassword > and oathSecret separately, e.g. protected by different ACLs for > authorizing different roles. > >> But why, if it's old and not working, is pw-totp still part of 2.5. > > AFAIK this old implementation was a PoC and is therefore located in > contrib/ just like any other stuff not officially supported. It's not > built by default.
IMHO obsolete PoCs should be one of: 1) flagged as obsolete 2) be updated to a newer version 3) be removed Regards, Ulrich > > In my own packages I only build selected contrib modules. totp is not > among those modules. > > Ciao, Michael.
