similar to: 2FA for Dovecot

Hi, My goal is to protect my mail account with 2FA, which isn't a crazy idea in 2020. Therefore, I would like to know the possibilities of configuring 2FA for Dovecot. In the documentation there are some hints of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where FreeIPA has the ability to enable OTP per user [3]. But I can't really find much practical information about

You don't say what sort of 2FA you're considering, but wouldn't you just tell Dovecot to use PAM, and then extend PAM to use a 2FA module. For example there's a Google Auth one available in the second link below. https://doc.dovecot.org/configuration_manual/authentication/pam/ https://github.com/google/google-authenticator-libpam P. (Not a dovecot expert, although I know a fair

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 30/03/2020 19:39 Roy Lemmon <roy@roylemmon.com> wrote: </div> <div> <br> </div> <div> <br> </div>

On Sun, 3 Jul 2016, Stephen Harris wrote: > On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote: > > One, the Google Authenticator (OTP authentication). > > On its own, this is not 2FA. It's single factor ("something you > have"). > > A combination of Google Authenticator _and_ password is 2FA. This is > easy to do with PAM. Agreed >

On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote: > > Hi Gentlemen, > > Thank you both for your valued opinion. I do however agree that public key > authentication cannot be fully considered MFA as have 2 PCI QSAs I have > spoken with. This is because it is not enforceable server side. Many > things can affect client side security. >

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms:

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

>From the make output: libtool: link: gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -Wl,--as-needed -o .libs/auth auth.o auth-cache.o auth-client-connection.o auth-master-connection.o mech-otp-skey-common.o mech-plain-common.o auth-penalty.o auth-request.o auth-request-handler.o

Hi, yesterday lib-sql got driver-sqlpool with some changes in Makefile.am, but these changes in makefile works only for --with-sql=yes. When --with-sql=plugin is used build fails with: libtool --tag=CC --mode=link gcc -std=gnu99 -O2 -g -pipe -Wall -Wp,- D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 - m64 -mtune=generic -Wall -W -Wmissing-prototypes

https://bugzilla.mindrot.org/show_bug.cgi?id=3439 Bug ID: 3439 Summary: identify password prompts Product: Portable OpenSSH Version: v9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

Hi, I think there are some files missing (regarding auth mech-external): compile error (did fresh autogen.sh): gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-auth -I../../src/lib-sql -I../../src/lib-settings -I../../src/lib-ntlm -I../../src/lib-otp -I../../src/lib-master -DAUTH_MODULE_DIR=\""/opt/dovecot-2.0/lib/dovecot/auth"\"

https://bugzilla.netfilter.org/show_bug.cgi?id=1475 Bug ID: 1475 Summary: Array of addresses wrongly processed Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

Trying to compile 1.1rc8 from scratch on FreeBSD 6.3 as well as from the dovecot-devel port and I get an error when trying to include gssapi. gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-sql -I../../src/lib-settings -I../../src/lib-ntlm -I../../src/lib-otp -DAUTH_MODULE_DIR=\""/usr/local/lib/dovecot/auth"\"

We're looking to run freeipa on CentOS-6.5. It seems the version available for 6.5 is 3.0, whereas the latest 3.x is 3.3.5 (available in F19 & 20). And now I see 4.0 was just released and will be in F21 (with support for native OTP-based 2FA!). Has anyone attempted rebuilds against the F19/20 3.3.5 RPMS for CentOS? Given the dependency chain, is it worth going down this rabbit hole?

Hi folks I have installed Google authenticator on a few C8 boxes This is working fine on all of them except one... - google-authenticator is installed and the box is added to my Android app - /etc/pam.d/sshd contains auth sufficient pam_google_authenticator.so - /etc/ssh/sshd_config contains ChallengeResponseAuthentication yes - sshd restarted When logging in, I'm prompted with the

Add OTP parity table. diff -urdpNX /usr/share/dontdiff -x Makefile dovecot.vanilla/src/lib-otp/otp-parity.c dovecot/src/lib-otp/otp-parity.c --- dovecot.vanilla/src/lib-otp/otp-parity.c 1970-01-01 03:00:00.000000000 +0300 +++ dovecot/src/lib-otp/otp-parity.c 2006-06-23 13:44:31.161891112 +0400 @@ -0,0 +1,29 @@ +/* + * OTP parity table. + * + * Copyright (c) 2006 Andrey Panin <pazke at

Dear Everybody: May I ask how to configure dovecot otp one-time verification login, that is, after the user logs in to the mailbox with the password + otp, he can send and receive emails without entering the password + otp again? # This is my settings: # /etc/dovecot/conf.d/10-auth.conf disable_plaintext_auth = yes auth_cache_size = 10M auth_failure_delay = 5 secs

Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know

Dear all A new R package 'otpr' is now available on CRAN. It's a wrapper for the OpenTripPlanner (OTP) API and is primarily aimed at researchers and transport planners who want to use OTP to carry out accessibility studies or generate variables for transport models. The package consists of four main functions: otp_connect() - defines and tests the connection to an OTP instance.

Dear all A new R package 'otpr' is now available on CRAN. It's a wrapper for the OpenTripPlanner (OTP) API and is primarily aimed at researchers and transport planners who want to use OTP to carry out accessibility studies or generate variables for transport models. The package consists of four main functions: otp_connect() - defines and tests the connection to an OTP instance.