[horde] multi-factor authentication
Rick Romero
rick at havokmon.com
Wed Mar 28 18:33:21 UTC 2018
Quoting Ralf Lang <lang at b1-systems.de>:
> On 28.03.2018 at 17:53, P.V.Anthony wrote:
>> On 28/03/2018 20:42, Bjoern Voigt wrote:
>>> Mike Poznecki wrote:
>>>> Hi, how can I implement multi-factor authentication with an RSA key?
>>>> I have searched long and wide and can not find any help.
>>>
>>> Unfortunately, Two Factor authentication is not implemented in Horde
>>> right now. I am also interested in this topic.
>>>
>>> [#14051] Two Factor Authentication
>>> https://bugs.horde.org/ticket/14051
>>
>> Would using the following make it easier to do multi-factor auth?
>>
>> https://www.vaultproject.io/
>>
>> Saw a demo and was impressed. Please note I am not a programmer.
>>
>> P.V.Anthony
>
> Vault doesn't really address what is needed here.
> There are two options here:
>
> - Delegate authentication to an auth provider (shibboleth, saml, openid
> connect, etc) and let them worry about 2-factor implementation
> - Build a 2-factor driver for horde
>
> Both are somehow on my list, but no specific timeline can be given.
> However, I am more interested in open solutions like TOTP/HOTP.
> Though I use commercial RSA SecurId tokens in my daily work, I have
> absolutely no interest in building a direct interface to the server
> component.
I like privacyIDEA and have implemented it in the past. What I had
planned with Horde sort of worked, but there were some missing parts.
I believe what I did was configure Horde to use RADIUS (via
privacyIDEA). What that did was allow use of TOTP/HOTP to log into the
web interface. Then I hardcoded a long complex password into the imp
config to log in to the backend IMAP server. The backend IMAP server
accepted that single password for any user that came from my test web
server (Dovecot uses SQL for auth, so easy query change).

It worked about 99% - I think gollem was the only place I couldn't get
things to work reliably.
Rick
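
The TOTP/HOTP check that the thread names as the open option for a 2-factor driver, as an added example that is not part of the thread and is not Horde or privacyIDEA code: RFC 4226/6238 code generation plus verification with a clock-drift window and replay rejection. The function names, the last_step storage convention and the sample secret (the RFC test secret) are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample: the shared secret used in the RFC 4226/6238 test vectors.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret, submitted, now, last_step=-1, step=30, window=1,
                digits=6):
    """Return the matched time step, or None if the code is rejected.

    last_step (hypothetical per-user state kept by the caller) is the step
    of the last accepted code; steps at or before it are refused so that an
    observed code cannot be replayed inside its validity window.
    """
    current = int(now) // step  # RFC 6238: counter = floor(unix_time / step)
    matched = None
    for candidate in range(current - window, current + window + 1):
        if candidate < 0 or candidate <= last_step:
            continue
        expected = hotp(secret, candidate, digits).encode()
        # Constant-time comparison; wrong-length input simply fails.
        if hmac.compare_digest(expected, submitted.encode()):
            matched = candidate
    return matched


if __name__ == "__main__":
    step_used = verify_totp(SAMPLE_SECRET, "287082", now=59)
    print("first use accepted at step", step_used)
    # Same code again, with the stored step passed back in: rejected.
    print("replay:", verify_totp(SAMPLE_SECRET, "287082", now=59,
                                 last_step=step_used))
```

The caller has to persist the returned step per user and pass it back as last_step on the next login; without that state the replay check does nothing.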