As per my post: checkpassword. You can then use one password on Mondays,
Wednesdays, and Fridays, alternate passwords on Tuesdays and Thursday
fetched from a rot-13 database, and only from prime numbered IP addresses
on weekends, if that's what you want.
Having read the wiki page on checkpassword, I am unsure how this would
work with an ldap backend.
Could you elaborate on that?
You are essentially writing your own backend by taking over
authentication. You'll be accepting user/password inputs into your
checkpassword executable, then use the LDAP API (or some other system
that will do it for you) to authenticate. (You can Google around for code
snippets.) You'll have direct control over all aspects of authentication
(if/when/where/etc) that a generic backend can't provide.
You can choose do implement using shell/PERL/etc script, or compile
to executable from C sources. It's more work, but if you need to do
everything on your wish list, I can't see any eaiser option.
One of the drawbacks is that a working password depends on both time
and source address, which will be adversely affect performance on a
busy server as authentication data cannot be cached.
Joseph Tam <jtam.h...@gmail.com>
