similar to: OATH/OTP?

Hello, I would like to implement some kind of two factors authentication, in Dovecot. I am thinking about using the post login script, to check for unusual behaviour, like say, a different country / IP address or an unusual hour. I already wrote a simple shell script that check these factors, but now, I have some options for the following, and I need to know your opinion if this is feasible or

Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know

Dear dovecot experts: We are using client certificates to authenthicate against a Dovecot server. Our certificates contain a x500UniqueIdentifier. I'm absolutely sure that the value of the x500UniqueIdentifier was stored into the AUTH_USER when I tested my setup last year. This has somehow changed and now AUTH_USER always contains the username. This has fatal consequences as now every owner

I want to discuss some problems/enhancements for dovecot in a webmail/otp setup. For access to an IMAP server like dovecot I see different client types: a) a "normal" MUA installed in a more or less trusted environment b) remote access via "webmail" from untrusted environments For a) I see with dovecot and other IMAP servers no problems, tricky is the setup for b). If you use

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

I would have to also hack the email client since I don't enter my 20 character high entropy password when I send or retrieve email. You really need an email standard to integrate TOTP. To be realistic, you need Gmail to use it. Whatever Gmail wants is essentially a defacto standard. I live in the real world, so whatever Google wants, I comply. ? Original Message ? From: jtam.home at

Dear Everybody: May I ask how to configure dovecot otp one-time verification login, that is, after the user logs in to the mailbox with the password + otp, he can send and receive emails without entering the password + otp again? # This is my settings: # /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = yes auth_cache_size = 10M auth_failure_delay = 5 secs

On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote: > A quick question, if I may: Today, I heard a rumour that "ssh" can be > used as a TOTP *token* (i.e., accept or generate a secret for a > configuration and generate TOTP codes from there on out, to be entered > into some *other* software requesting them for 2FA). I'm not aware of any way

On Tue, 27 Oct 2020, Sebastian Nielsen wrote: > Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients. You can bodge it for HOTP/TOTP hardware token generators. Dovecot allows custom plugins to check passwords. The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to

Dear all A new R package 'otpr' is now available on CRAN. It's a wrapper for the OpenTripPlanner (OTP) API and is primarily aimed at researchers and transport planners who want to use OTP to carry out accessibility studies or generate variables for transport models. The package consists of four main functions: otp_connect() - defines and tests the connection to an OTP instance.

Dear all A new R package 'otpr' is now available on CRAN. It's a wrapper for the OpenTripPlanner (OTP) API and is primarily aimed at researchers and transport planners who want to use OTP to carry out accessibility studies or generate variables for transport models. The package consists of four main functions: otp_connect() - defines and tests the connection to an OTP instance.

Add OTP parity table. diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/lib-otp/otp-parity.c dovecot/src/lib-otp/otp-parity.c --- dovecot.vanilla/src/lib-otp/otp-parity.c 1970-01-01 03:00:00.000000000 +0300 +++ dovecot/src/lib-otp/otp-parity.c 2006-06-23 13:44:31.161891112 +0400 @@ -0,0 +1,29 @@ +/* + * OTP parity table. + * + * Copyright (c) 2006 Andrey Panin <pazke at

Hello, I was wondering where I might find more information about using OTP as an authentication protocol with dovecot. In searching, I found a thread from 2004, but not much information about how it has progressed from then. I also saw some promising patches from mid-last year, which if I had to guess are probably the addition of support for the SASL OTP mechanism. Is this available in a

If I were going to do this, I would probably try moving to a Windows 200x AD domain controller, and implementing RSA SecurID on that machine. I have not worked with other OTP solutions. As far as I understand, if Samba is configured as a domain controller, it expects to be able to handle the authentication itself. OTP is , in my opinion, most valuable when you are exposing resources to the

In both 1.2.6 and 1.2.7 (probably also before that, but dont have logs) im seeing quite a few of these: Nov 17 12:45:12 userimap10.xs4all.nl dovecot: IMAP(xxxxxxx): /var/spool/mail/dovecot-control/c/c0/xxxxxxx/INBOX/.INBOX/dovecot-uidlist: Duplicate file entry at line 2650: 1257768394._smtp.mxdrop238.41874,S=17304:2,Sad (uid 34270 -> 37166) I never really looked at it because it doesnt seem

Jochen Bern <Jochen.Bern at binect.de> writes: > (And since you mention "port knocking", I'd like to repeat how fond I > am of upgrading that original concept to a single-packet > crypto-armored implementation like fwknop.) I am reluctantly considering to use some kind of port knocking mechanism on some machines, however I really don't want to carry around shared

This patchset add support for One-Time-Password authentication mechanisms, both S/Key (RFC 1731) and OTP (RFC 2444) are implemented. Tested with mutt (uses cyrus sasl library for authentication). Patches were made against CVS HEAD. Please take a look. Add auth_cache_remove() function which will be used by OTP code to evict old entries from auth cache. diff -urdpNX /usr/share/dontdiff -x

I recently upgraded from 2.2.10 to 2.2.13, and also upgraded pigeonhole. Ever since im seeing some empty emails appear in my inbox. Return-Path: <cricket at stats2.xs4all.net> Delivered-To: <cor> Received: from imapdirector1.xs4all.net ([194.109.26.173]) by userimap9.xs4all.nl (Dovecot) with LMTP id CHu0MUDDjlOBdwAAwvsqNQ for <cor>; Wed, 04 Jun 2014 08:57:04 +0200 Thats all

1: I meant like this: Without whitelisting, you can't login to SMTP or IMAP, password isn't valid at all. To enable SMTP and IMAP, you then either surf ro webmail, or the 2FA gateway, and login with: Username + password + 2FA code + captcha. When all is valid, then your IP is whitelisted for SMTP and IMAP access. This still means you have to use usename/password for SMTP/IMAP. So how

A quick question, if I may: Today, I heard a rumour that "ssh" can be used as a TOTP *token* (i.e., accept or generate a secret for a configuration and generate TOTP codes from there on out, to be entered into some *other* software requesting them for 2FA). All I could find on the web so far are how-tos to a) make ssh*d* request and verify TOTP codes (usually with the help of PAM)