[Tickets #12301] Re: Secondary authentication

noreply at bugs.horde.org noreply at bugs.horde.org
Fri Aug 30 05:08:53 UTC 2013 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12301
------------------------------------------------------------------------------
  Ticket             | 12301
  Updated By         | lameventanas at gmail.com
  Summary            | Secondary authentication
  Queue              | Horde Base
  Version            | Git master
  Type               | Enhancement
  State              | Feedback
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
+New Attachment     | horde-auth.pdf
------------------------------------------------------------------------------


lameventanas at gmail.com (2013-08-30 05:08) wrote:

>>> Are you requesting two-factor authentication actually?
>>
>> What I am requesting is simpler, is "Application-specific passwords".
>>
>> Please see this:
>> https://support.google.com/accounts/answer/185833
>>
>> And a video explaining it:
>> http://www.youtube.com/watch?v=zMabEyrtPRg&t=2m13s
>>
>> It is possible to implement this independently of Horde (eg: for
>> email it could be done in the imap server), but we need support for
>> SyncML and Activesync, and also a Horde module for the password
>> management.
>
> How would this work? ActiveSync needs authenticated access to Horde  
> and the applications (not to mention access to the IMAP server  
> through IMP). Using a different password for each application, or  
> even just for ActiveSync access would prevent authentication to at  
> least some of the data that is needed.

Possible solution: for each app-specific password Horde stores the  
backend password (eg: LDAP, IMAP) in an encrypted form.  The  
app-specific password is used as the encryption key.  For safety  
reasons, the app-specific password is not stored, only a hash of it.

There might be other ways to implement it safely, this is just an idea.

Please see the attachment.







lameventanas at gmail.com (2013-08-30 05:08) uploaded: horde-auth.pdf

http://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=horde-auth.pdf&ticket=12301&fn=%2Fhorde-auth.pdf

More information about the bugs mailing list