Displaying 20 results from an estimated 106 matches for "2fa".
Did you mean:
2af
2020 Jan 06
4
2FA for Dovecot
Hi,
My goal is to protect my mail account with 2FA, which isn't a crazy
idea in 2020. Therefore, I would like to know the possibilities of
configuring 2FA for Dovecot. In the documentation there are some hints
of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where
FreeIPA has the ability to enable OTP per user [3].
But I can'...
2020 Oct 26
4
SV: Looking for a guide to collect all e-mail from the ISP mail server
>>"Never use a browser for email."
I don't agree.
In fact, using a browser for email or atleast initial setup, is actually more secure. This because SMTP/IMAP clients normally don't support 2FA, so you would have to "hack" a solution to enable 2FA for email.
This can be made in 2 ways: Either, you have a full fledged email setup. Whats important, is, to prevent auth-bypass holes, you remove the authentication in RoundCube or whatever webmail you use, and instead use a reverse-p...
2020 Jan 07
1
2FA for Dovecot
...I also block many datacenters, but blocking Digital Ocean, Vultur and AWS will get you 90%of the way there. You will need to use 587, that is no auth on 25. Again no blocking on 25, just block the other email ports.
I get maybe one attempt to log into my email account a week. Yeah not as good as 2FA but it isn't a research project either. Just a little firewall programming. I get the CIDRs from bgp.he.net.
I am assuming this is a personal server.
A bit extreme, but you could set up a VPN on a VPS and only allow that IP to send and receive email.
? Original Message ?
From: lists...
2020 Oct 27
2
SV: Looking for a guide to collect all e-mail from the ISP mail server
1: I meant like this:
Without whitelisting, you can't login to SMTP or IMAP, password isn't valid
at all.
To enable SMTP and IMAP, you then either surf ro webmail, or the 2FA
gateway, and login with:
Username + password + 2FA code + captcha.
When all is valid, then your IP is whitelisted for SMTP and IMAP access.
This still means you have to use usename/password for SMTP/IMAP.
So how would this be a security hole?
Instead of using only username+password for SMTP/IMAP?...
2020 Oct 09
1
guidance on enabling 2FA at Linux GUI level
Hi all,
running a machine with Centos 7.6 that already has a 2FA PAM- enabled
module for SSH logins.
Is there a document that talks about configuring Centos 7.6 default GUI
(Gnome) to use 2fa with PAM?
thanks,
--
---------------------
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
--------...
2020 Jan 07
0
2FA for Dovecot
You don't say what sort of 2FA you're considering, but wouldn't you just tell Dovecot to use PAM, and then extend PAM to use a 2FA module. For example there's a Google Auth one available in the second link below.
https://doc.dovecot.org/configuration_manual/authentication/pam/
https://github.com/google/google-authen...
2016 Jul 04
2
SSH multi factor authentication
On Sun, 3 Jul 2016, Stephen Harris wrote:
> On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote:
> > One, the Google Authenticator (OTP authentication).
>
> On its own, this is not 2FA. It's single factor ("something you
> have").
>
> A combination of Google Authenticator _and_ password is 2FA. This is
> easy to do with PAM.
Agreed
> > Two, Public/Private key authentication (pubkeyauthentication = yes) which
> > supports pass phrase priv...
2020 Jan 07
0
2FA for Dovecot
Kees de Jong wrote on 06/01/2020 12:58:
> My goal is to protect my mail account with 2FA, which isn't a crazy
> idea in 2020. Therefore, I would like to know the possibilities of
> configuring 2FA for Dovecot.
Use an authentication backend that supports 2FA, such as oAuth:
https://wiki.dovecot.org/PasswordDatabase/oauth2
--
Ciao,
luigi
/
+--[Luigi Rosa]--
\
2020 Jan 07
0
2FA for Dovecot
I did mention OTP for 2FA, and OTP can be indeed Google Authenticator,
the reason I'm not that specific is because the documentation isn't :)
PAM can indeed be used for this, I've read some list conversations
about this [1], [2]. However, as I mentioned in my first post, I'm
interested to know about the int...
2020 Oct 26
0
SV: Looking for a guide to collect all e-mail from the ISP mail server
...g
Subject: SV: Looking for a guide to collect all e-mail from the ISP mail server
>>"Never use a? browser for email."
I don't agree.
In fact, using a browser for email or atleast initial setup, is actually more secure. This because SMTP/IMAP clients normally don't support 2FA, so you would have to "hack" a solution to enable 2FA for email.
This can be made in 2 ways: Either, you have a full fledged email setup. Whats important, is, to prevent auth-bypass holes, you remove the authentication in RoundCube or whatever webmail you use, and instead use a reverse-p...
2023 Mar 24
0
LDAP Account Manager 8.3 with usability improvements and ability to remember 2FA device
Announcement:
This release includes several usability improvements. Users can now
select to remember their 2FA device. PHP 8.2 support was added.
Docker users: Please note that we move away from DockerHub. This is
the last release that was published there. See here for our new
Github repository:
https://github.com/LDAPAccountManager/docker/pkgs/container/lam
Full changelog:
https://www.ldap-account-man...
2020 Nov 19
0
LDAP Account Manager 7.4.RC1 supports Okta 2FA and admin approval for account registration
...Active Directory
* Asterisk
* Kopano
* DHCP
* SSH keys
* ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support
Demo installation:
------------------
You can try our demo installation online.
https://www.ldap-account-manager.org/lamcms/liveDemo
Authors & Copyright:
--------------------
Copyright (C) 2003 - 2020:
Roland Gruber <post at rolandgruber.de>
LAM is published under the GNU Ge...
2016 Jul 04
3
SSH multi factor authentication
There has been some good discussion around our IBM security team as to what
actually constitutes SSH multi factor authentication. There are 2 options
being discussed.
One, the Google Authenticator (OTP authentication).
Two, Public/Private key authentication (pubkeyauthentication = yes) which
supports pass phrase private key authentication.
Which of these is considered multi-factor
2016 Oct 22
0
MFA 2FA TOTP razz-ma-tazz!
I'd like to start offering my server's users multi-factor
authentication. Right now, I funnel all authentication through dovecot.
Before I get too far down the fantasy design path, I'm wondering if
anyone else has already done this and could share some details or code.
(I loaded up the subject line with acronyms to show how serious I am. :-))
I am specifically thinking of
2019 Mar 15
0
LDAP Account Manager 6.7.RC1 with YubiKey 2FA and extended Bind DLZ support
LDAP Account Manager (LAM) 6.7.RC1 - March 15th, 2019
=====================================================
LAM is a web frontend for managing accounts stored in an LDAP directory.
Announcement:
-------------
YubiKey server is supported as 2-factor authentication provider for LAM
login. The bind DLZ module supports DNAME and XFR records. LAM is also
compatible with PHP 7.3 and can log to a
2019 Mar 25
0
LDAP Account Manager 6.7 with YubiKey 2FA and extended Bind DLZ support
LDAP Account Manager (LAM) 6.7 - March 25th, 2019
=================================================
LAM is a web frontend for managing accounts stored in an LDAP directory.
Announcement:
-------------
YubiKey server is supported as 2-factor authentication provider for LAM
login. The bind DLZ module supports DNAME and XFR records. LAM is also
compatible with PHP 7.3 and can log to a remote
2019 Nov 07
2
samba login with U2F token
Dear all,
I did try to google search the archives [1] but cannot find any
information on this.
Would it be possible to somehow implement a passwordless (or as a 2FA)
to login to a remote samba (linux server)?
Any suggestions greatly appreciated,
Greg
1. https://lists.samba.org/archive/samba/
2020 Oct 21
6
"Semi-Trusted" SSH-Keys that also require PAM login
Hello all,
in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with
google-authenticator hooked into PAM.
However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it
is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely on SSH keys
on these device...
2017 Jul 13
1
Master auth only
> On 12 Jul 2017, at 15.46, Rick Romero <rick at havokmon.com> wrote:
> This is awesome, as I was just contemplating how to maintain persistence with 2FA.
> Is it possible to use a passdb based on remote ip? There's a username_filter, but I want to use a master password for webmail (which will use 2FA via Radius), and those IPs are known and non-routable.
passdb {
driver = static
args = password=masterpassword allow_nets=192.168.0.0/2...
2020 Oct 27
0
Looking for a guide to collect all e-mail from the ISP mail server
On 25 Oct 2020, at 22:47, Sebastian Nielsen <sebastian at sebbe.eu> wrote:
> The second way, is to not have webmail at all, but instead have a authentication gateway in browser, where you must auth with 2FA and captcha. The only purpose of this gateway, is to authenticate users with 2FA before their IP is whitelisted.
I mostly agree with the sentiments in your email, but whitelsiting IP addresses is a HORRIBLE idea and a massive gaping security hole and using a captcha is only slightly less horrible...