 |
I agree that two-factor athentication would be nice. And I think that this can be achieved by SOGo supporting authentication against SASL socket (like e.g. Postfix do). So the SOGo will not do the password matching itself (which requires acces to an SQL view with passwords) but will send the username and password to an authentication socket (can be provided e.g. by Dovecot). And this socket can do two-factor authentication - the password will have a fixed part + variable part generated by an OTP token. User can compose this password itself (no other changes in SOGo needed) or there can be one more field in the SOGo login form and SOGo will concatenate the password parts: Username: __ Beside that this approach (auth socket) will enable using much more hashing algorithms – SOGo don't have to support them itself, they will be provided by atuhentication backend (socket). Workaround: use "LDAP simulator" (maybe OpenLDAP with custom backend) that will validate passwords build from fixed+variable parts. |
|
|
Reported in 2014... It's 2017 and Security has never been more important. It would be great if Two-Factor Authentication could be implemented! |
|
|
I agree - 2fA implementation is overdue. Are there any plans for this? |
 |
There is SAML2 authentication already. That can provide multiple factor auth. |
|
|
Exactly. RedHat's keycloak IdP does that, for example. The only difficulty is getting imap to accept those same SAML2 credentials. We use for that: Hope this helps you too. |
|
|
Any news about this feature? |
|
|
2FA maybe needed in the EU in the near future (see DSGVO). So are there any plans to implement this proofed technic? |
|
|
FreeOTP support? Really needed... |
 |
Google Authenticator is now supported. |
- Anonymous
