similar to: 2FA for Dovecot

You don't say what sort of 2FA you're considering, but wouldn't you just tell Dovecot to use PAM, and then extend PAM to use a 2FA module. For example there's a Google Auth one available in the second link below. https://doc.dovecot.org/configuration_manual/authentication/pam/ https://github.com/google/google-authenticator-libpam P. (Not a dovecot expert, although I know a fair

We're looking to run freeipa on CentOS-6.5. It seems the version available for 6.5 is 3.0, whereas the latest 3.x is 3.3.5 (available in F19 & 20). And now I see 4.0 was just released and will be in F21 (with support for native OTP-based 2FA!). Has anyone attempted rebuilds against the F19/20 3.3.5 RPMS for CentOS? Given the dependency chain, is it worth going down this rabbit hole?

I block all my email ports except 25 from countries where I am not going to be sending or receiving email. I also block many datacenters, but blocking Digital Ocean, Vultur and AWS will get you 90%of the way there. You will need to use 587, that is no auth on 25. Again no blocking on 25, just block the other email ports. I get maybe one attempt to log into my email account a week. Yeah not as

On Sun, 3 Jul 2016, Stephen Harris wrote: > On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote: > > One, the Google Authenticator (OTP authentication). > > On its own, this is not 2FA. It's single factor ("something you > have"). > > A combination of Google Authenticator _and_ password is 2FA. This is > easy to do with PAM. Agreed >

Hello everybody, What is the status of the freeipa/sssd and samba conflicts in the repositories? I can not wrap my mind around that two big packages are not getting security updates anymore, because they are conflicting. I will go to FOSDEM in Belgium this year to figure out more, but I am considering moving my centos systems to rockylinux. Kind regards, Jelle de Jong On 12/16/22 16:59,

I did mention OTP for 2FA, and OTP can be indeed Google Authenticator, the reason I'm not that specific is because the documentation isn't :) PAM can indeed be used for this, I've read some list conversations about this [1], [2]. However, as I mentioned in my first post, I'm interested to know about the internal Dovecot authentication methods. Since using PAM requires local users

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

https://bugzilla.mindrot.org/show_bug.cgi?id=3439 Bug ID: 3439 Summary: identify password prompts Product: Portable OpenSSH Version: v9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

Dear Everybody: May I ask how to configure dovecot otp one-time verification login, that is, after the user logs in to the mailbox with the password + otp, he can send and receive emails without entering the password + otp again? # This is my settings: # /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = yes auth_cache_size = 10M auth_failure_delay = 5 secs

Add OTP parity table. diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/lib-otp/otp-parity.c dovecot/src/lib-otp/otp-parity.c --- dovecot.vanilla/src/lib-otp/otp-parity.c 1970-01-01 03:00:00.000000000 +0300 +++ dovecot/src/lib-otp/otp-parity.c 2006-06-23 13:44:31.161891112 +0400 @@ -0,0 +1,29 @@ +/* + * OTP parity table. + * + * Copyright (c) 2006 Andrey Panin <pazke at

Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know

I want to discuss some problems/enhancements for dovecot in a webmail/otp setup. For access to an IMAP server like dovecot I see different client types: a) a "normal" MUA installed in a more or less trusted environment b) remote access via "webmail" from untrusted environments For a) I see with dovecot and other IMAP servers no problems, tricky is the setup for b). If you use

Hi All, I'm not sure what's causing this but every time I copy a file from one of the Macs (details below) to the Samba server the file timestamp is changed to the copy time rather than retaining the last modified time. Does anyone know what could be causing this? Systems: Mac OSX (versions 10.3.x -> 10.4.x) Windows 2000 Professional Solaris 10 running Samba 3.0.11 Tests... Mac

Hello, I was wondering where I might find more information about using OTP as an authentication protocol with dovecot. In searching, I found a thread from 2004, but not much information about how it has progressed from then. I also saw some promising patches from mid-last year, which if I had to guess are probably the addition of support for the SASL OTP mechanism. Is this available in a

Hi Everyone, I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids) It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and

This patchset add support for One-Time-Password authentication mechanisms, both S/Key (RFC 1731) and OTP (RFC 2444) are implemented. Tested with mutt (uses cyrus sasl library for authentication). Patches were made against CVS HEAD. Please take a look. Add auth_cache_remove() function which will be used by OTP code to evict old entries from auth cache. diff -urdpNX /usr/share/dontdiff -x

The above version of OpenSSH seems to work fine most of the time, but when I connect to one server in particular I get a very odd looking login prompt: pts/0::mugz!xm[~] ssh -l mugz <host-name-omitted> otp-md5 414 cr6003 ext S/Key Password: otp-md5 265 cr4395 ext S/Key Password: otp-md5 332 cr9989 ext S/Key Password: scripter at crimelords.org's password: I enter my password 3 times in

Hi. I have a question related to freebsd opie implementation. I am running 4.9-RELEASE and I've tried to setup opie. *** 1 *** opiepasswd/opiekey I've added user using `opiepasswd -c "ssa"` mx2# opiepasswd -c "ssa" Adding ssa: Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with

If I were going to do this, I would probably try moving to a Windows 200x AD domain controller, and implementing RSA SecurID on that machine. I have not worked with other OTP solutions. As far as I understand, if Samba is configured as a domain controller, it expects to be able to handle the authentication itself. OTP is , in my opinion, most valuable when you are exposing resources to the

> On 1/3/23 13:41, Simon Matter wrote: >>> On 1/3/23 05:17, Orion Poplawski wrote: >>>> On 12/30/22 04:06, Jelle de Jong wrote: >>>>> On 12/27/22 22:55, Gordon Messmer wrote: >>>>>> On 2022-12-25 07:44, Jelle de Jong wrote: >>>>>>> A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is