search for: 2fa

Hi, My goal is to protect my mail account with 2FA, which isn't a crazy idea in 2020. Therefore, I would like to know the possibilities of configuring 2FA for Dovecot. In the documentation there are some hints of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where FreeIPA has the ability to enable OTP per user [3]. But I can'...

>>"Never use a browser for email." I don't agree. In fact, using a browser for email or atleast initial setup, is actually more secure. This because SMTP/IMAP clients normally don't support 2FA, so you would have to "hack" a solution to enable 2FA for email. This can be made in 2 ways: Either, you have a full fledged email setup. Whats important, is, to prevent auth-bypass holes, you remove the authentication in RoundCube or whatever webmail you use, and instead use a reverse-p...

...I also block many datacenters, but blocking Digital Ocean, Vultur and AWS will get you 90%of the way there. You will need to use 587, that is no auth on 25. Again no blocking on 25, just block the other email ports. I get maybe one attempt to log into my email account a week. Yeah not as good as 2FA but it isn't a research project either. Just a little firewall programming. I get the CIDRs from bgp.he.net. I am assuming this is a personal server. A bit extreme, but you could set up a VPN on a VPS and only allow that IP to send and receive email. ? Original Message ? From: lists...

1: I meant like this: Without whitelisting, you can't login to SMTP or IMAP, password isn't valid at all. To enable SMTP and IMAP, you then either surf ro webmail, or the 2FA gateway, and login with: Username + password + 2FA code + captcha. When all is valid, then your IP is whitelisted for SMTP and IMAP access. This still means you have to use usename/password for SMTP/IMAP. So how would this be a security hole? Instead of using only username+password for SMTP/IMAP?...

Hi all, running a machine with Centos 7.6 that already has a 2FA PAM- enabled module for SSH logins. Is there a document that talks about configuring Centos 7.6 default GUI (Gnome) to use 2fa with PAM? thanks, -- --------------------- Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 --------...

You don't say what sort of 2FA you're considering, but wouldn't you just tell Dovecot to use PAM, and then extend PAM to use a 2FA module. For example there's a Google Auth one available in the second link below. https://doc.dovecot.org/configuration_manual/authentication/pam/ https://github.com/google/google-authen...

On Sun, 3 Jul 2016, Stephen Harris wrote: > On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote: > > One, the Google Authenticator (OTP authentication). > > On its own, this is not 2FA. It's single factor ("something you > have"). > > A combination of Google Authenticator _and_ password is 2FA. This is > easy to do with PAM. Agreed > > Two, Public/Private key authentication (pubkeyauthentication = yes) which > > supports pass phrase priv...

Kees de Jong wrote on 06/01/2020 12:58: > My goal is to protect my mail account with 2FA, which isn't a crazy > idea in 2020. Therefore, I would like to know the possibilities of > configuring 2FA for Dovecot. Use an authentication backend that supports 2FA, such as oAuth: https://wiki.dovecot.org/PasswordDatabase/oauth2 -- Ciao, luigi / +--[Luigi Rosa]-- \

I did mention OTP for 2FA, and OTP can be indeed Google Authenticator, the reason I'm not that specific is because the documentation isn't :) PAM can indeed be used for this, I've read some list conversations about this [1], [2]. However, as I mentioned in my first post, I'm interested to know about the int...

...g Subject: SV: Looking for a guide to collect all e-mail from the ISP mail server >>"Never use a? browser for email." I don't agree. In fact, using a browser for email or atleast initial setup, is actually more secure. This because SMTP/IMAP clients normally don't support 2FA, so you would have to "hack" a solution to enable 2FA for email. This can be made in 2 ways: Either, you have a full fledged email setup. Whats important, is, to prevent auth-bypass holes, you remove the authentication in RoundCube or whatever webmail you use, and instead use a reverse-p...

Announcement: This release includes several usability improvements. Users can now select to remember their 2FA device. PHP 8.2 support was added. Docker users: Please note that we move away from DockerHub. This is the last release that was published there. See here for our new Github repository: https://github.com/LDAPAccountManager/docker/pkgs/container/lam Full changelog: https://www.ldap-account-man...

...Active Directory * Asterisk * Kopano * DHCP * SSH keys * ... * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * 2FA support Demo installation: ------------------ You can try our demo installation online. https://www.ldap-account-manager.org/lamcms/liveDemo Authors & Copyright: -------------------- Copyright (C) 2003 - 2020: Roland Gruber <post at rolandgruber.de> LAM is published under the GNU Ge...

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

I'd like to start offering my server's users multi-factor authentication. Right now, I funnel all authentication through dovecot. Before I get too far down the fantasy design path, I'm wondering if anyone else has already done this and could share some details or code. (I loaded up the subject line with acronyms to show how serious I am. :-)) I am specifically thinking of

LDAP Account Manager (LAM) 6.7.RC1 - March 15th, 2019 ===================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- YubiKey server is supported as 2-factor authentication provider for LAM login. The bind DLZ module supports DNAME and XFR records. LAM is also compatible with PHP 7.3 and can log to a

LDAP Account Manager (LAM) 6.7 - March 25th, 2019 ================================================= LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: ------------- YubiKey server is supported as 2-factor authentication provider for LAM login. The bind DLZ module supports DNAME and XFR records. LAM is also compatible with PHP 7.3 and can log to a remote

Dear all, I did try to google search the archives [1] but cannot find any information on this. Would it be possible to somehow implement a passwordless (or as a 2FA) to login to a remote samba (linux server)? Any suggestions greatly appreciated, Greg 1. https://lists.samba.org/archive/samba/

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely on SSH keys on these device...

> On 12 Jul 2017, at 15.46, Rick Romero <rick at havokmon.com> wrote: > This is awesome, as I was just contemplating how to maintain persistence with 2FA. > Is it possible to use a passdb based on remote ip? There's a username_filter, but I want to use a master password for webmail (which will use 2FA via Radius), and those IPs are known and non-routable. passdb { driver = static args = password=masterpassword allow_nets=192.168.0.0/2...

On 25 Oct 2020, at 22:47, Sebastian Nielsen <sebastian at sebbe.eu> wrote: > The second way, is to not have webmail at all, but instead have a authentication gateway in browser, where you must auth with 2FA and captcha. The only purpose of this gateway, is to authenticate users with 2FA before their IP is whitelisted. I mostly agree with the sentiments in your email, but whitelsiting IP addresses is a HORRIBLE idea and a massive gaping security hole and using a captcha is only slightly less horrible...