[horde] multi-factor authentication

Ralf Lang lang at b1-systems.de
Thu Mar 29 05:03:06 UTC 2018



Am 28.03.2018 um 23:10 schrieb Bjoern Voigt:
> Ralf Lang wrote:
>> There are two options here:
>>
>> - Delegate authentication to an auth provider (shibboleth, saml, openid
>> connect, etc) and let them worry about 2-factor implementation
>> - Build a 2-factor driver for horde
>>
>> Both are somehow on my list, but no specific timeline can be given.
>> However, I am more interested in open solutions like TOTP/HOTP.
>> Though I use commercial RSA SecurId tokens in my daily work, I have
>> absolutely no interest in building a direct interface to the server
>> component.
> I think, Nextcloud can be seen as a good example for implementing
> 2-factor authentication into a modularized PHP application.
>
> The Nextcloud team built some 2-factor base functionality into the
> Nextcloud core. For instance they implemented base classes, some
> management commands (e.g. administrators can enable/disable 2-factor for
> specific users) and management functions for app-passwords (Horde/IMP
> may need them too e.g. for Activesync devices). A specific 2-factor
> solution can be found in the Nextcloud apps/add-ons. Currently there are
> some 2-factor apps available: https://apps.nextcloud.com/categories/security
>
> Greetings,
> Björn

Hi Björn,

there is already a plan to redesign the Horde Authentication
architecture for support of 2-factor services, separate credentials for
APIs, external interfaces etc. I will add nextcloud to my list of
references/resources. However, this is a fairly large-scale project. I
don't know the schedule of horde, inc.

However, as you see, there is no Owncloud/Nextcloud plugin for RSA
SecurId which is what Mike really wants. Given the cost of RSA, I have
the feeling he needs to integrate with an existing landscape and cannot
easily change over to TOTP, YubiKey or other solutions.




More information about the horde mailing list