[horde] Any 2FA / MFA options which could work with Horde?
s.arcus at open-t.co.uk
Tue Feb 14 16:52:45 UTC 2023
This is a reluctant request, as per the details to follow.
Short version first: is there any way of making Horde work with some
sort of a 2FA / MFA system? I'm looking for the simplest option - even
if it involves some sort of authentication hook linked to a bash script,
which talks to a Windows app installed on the client workstation to pass
a TOTP code to the user. Or any other similar adaptation.
Long version: I've had Horde installed on a site and working for a good
number of years. There is no access to Horde from the internet, only
from internal network and through vpn. On the client side, users
passwords are stored in the password manager and auto-filled - so that
users are not psychologically accustomed to being asked to type their
email password for any reason. I think this provides a pretty high level
of protection against phishing attacks - specially as, even if a third
party obtains emails passwords, it's not possible to gain access to the
email system and data from outside the internal network.
However, being an organisation operating in the legal field, the
insurance company is adamant that we need to implement 2FA / MFA -
otherwise the insurance premium would be much higher. It doesn't matter
that I explained our setup to them, and how MFA / 2FA requirements would
be of little value to a small setup where the server and email clients
are inside the internal network, with no email client access from the
Any suggestions much appreciated
More information about the horde