Fri, 10 Apr 2026 13:16:50 +0000 https://bugs.horde.org/ticket/11076 One Time Password Module Implementation - request for comment Dear Dev-Team, as announced in #10980, I am trying to provide a first version of a hash-chain implementation for one time passwords. This is my personal reason why I would need the Dual_Auth module described previously. Nevertheless the modules are both fully functional on their own. With this otp module a user can log in to horde with another password every time and thus protect his credentials if he has to log in from an untrusted location such as an airport internet terminal. ATM this uses the same table as Auth_Sql (horde_users) with two additional fields. If requested this can of course be changed to use its own table. ALTER TABLE `horde_users` ADD `hash_chain_pwd` VARCHAR( 60 ) NOT NULL ALTER TABLE `horde_users` ADD `hash_chain_index` INT( 50 ) NOT NULL I am posting this at this state mainly to get feedback on the idea and the implementation. I am by all means willing to improve it from a security, architectural, or even style point of view. Further additions in terms of support in the passwd application, warnings when the password list runs empty and integration in the configuration page are planned if this is of common interest. Any comment is appreciated. Best regards, Carl Wed, 14 Mar 2012 08:53:56 +0000 https://bugs.horde.org/ticket/11076#t70712 - The driver should probably be called Horde_Auth_HashChain, because this is just one possible implementation of OTP authentication and Horde_Auth_Otp is too generic. - You should use the existing user_pass field. - It's okay to add an additional field for the chain index to the general user table. It should follow the column nomenclature though and should be added by a migration script. - Why is the _reduce_password method necessary? This doesn't make sense to me. Also, you are using the pwdformat_length parameter, but it's not documented and you don't set the default value in the constructor like for the other parameters. - You should extend the Horde_Auth_Sql class and only overwrite those methods and properties that are necessary. - There also some minor style issues that should be tackled in a final version. Thu, 22 Mar 2012 17:00:28 +0000 https://bugs.horde.org/ticket/11076#t70832 Ping? Wed, 30 Jan 2013 17:00:32 +0000 https://bugs.horde.org/ticket/11076#t76490 > Ping? Right now, I don't know how far I got on the issues you mentionned. Indeed, this is getting old ... sorry about that. Do you want to close the ticket or is it fine if I have a look at it during March? Wed, 30 Jan 2013 17:07:37 +0000 https://bugs.horde.org/ticket/11076#t76493 I'm gonna close it for now, just add a patch if you are done and we're gonna reopen the ticket. Wed, 30 Jan 2013 17:16:19 +0000 https://bugs.horde.org/ticket/11076#t76500