6.0.0-git
2020-07-10

[#14051] Two Factor Authentication
Summary Two Factor Authentication
Queue Horde Base
Queue Version Git master
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester jurekam (at) gmail (dot) com
Created 2015-07-12 (1825 days ago)
Due
Updated 2020-07-02 (8 days ago)
Assigned
Resolved
Milestone
Patch No

History
2020-07-02 14:57:59 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #8 Reply to this comment
it would be really great to have a integration with LINOTP   
https://www.linotp.org/

2020-05-25 05:11:21 build+horde (at) de-korte (dot) org Comment #7 Reply to this comment
It has been made abundantly clear why this isn't implemented. Unless 
something is done about the reason why (lack of funding), it makes no 
sense to keep asking.
2020-05-24 21:20:15 copelius (at) neomailbox (dot) ch Comment #6 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two
Factor authentication would be great to have implemented.  I just
switched from a Roundcube install and it had a plugin for it which
worked great.  Two Factor authentication has become the standard
these days and your product is lacking in this regard.  Please
implement this ASAP.
Any progress on this subject?
Any progress on this, please??
2019-12-17 07:23:37 thierry (at) freebsd (dot) org Comment #5 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard 
these days and your product is lacking in this regard.  Please 
implement this ASAP.
Any progress on this subject?
2016-04-13 08:53:49 christoph (dot) haas (at) ukbw (dot) de Comment #4 Reply to this comment
Hello,
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module 
for e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
I had now the time to investigate further on this topic. It isn't as 
easy as mentioned in my last comment ...
Thus the below PAM-config works, tested e.g. as PAM-config for "su", 
it doesn't do so with Horde :-((
PAM-authentication works if I remove the google_authenticator part ...
(just for the records: my system runs on a Debian Jessie amd64)

/etc/pam.d/horde
auth requisite pam_google_authenticator.so forward_pass
auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 
use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so


-->> the login credential with this PAM-config consists of the 
user-password and the one-time-password from the Google Authenticator.
E.g. if the user-password is: mysecretpwd
and the Google OTP: 123456
the login credential would be: mysecretpwd123456

but in /var/log/syslog
HORDE: [horde] FAILED LOGIN for haasc to horde (172.16.1.2) [pid 10073 
on line 199 of "/var/www/html/horde/login.php"]
HORDE: [gollem] PHP ERROR: Invalid argument supplied for foreach() 
[pid 10073 on line 338 of "/var/www/html/horde/gollem/lib/Auth.php"]

... and the login is denied with a error on the Horde-login-screen:
"Cannot make/remove an entry for the specified session (in pam_authenticate)"

Clueless - where is my bug?
Christoph.

2016-01-22 17:38:06 Jan Schneider Version ⇒ Git master
Queue ⇒ Horde Base
State ⇒ Accepted
 
2015-11-18 21:39:03 christoph (dot) haas (at) ukbw (dot) de Comment #3 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard 
these days and your product is lacking in this regard.  Please 
implement this ASAP.
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module for 
e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
2015-07-12 14:39:15 Michael Rubinsky Comment #2
Priority ⇒ 1. Low
Reply to this comment
This is unlikely to happen anytime soon without someone sponsoring the 
work, or providing patches. Also, please check the mailing list archive.
2015-07-12 14:03:11 jurekam (at) gmail (dot) com Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 3. High
Summary ⇒ Two Factor Authentication
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard these 
days and your product is lacking in this regard.  Please implement 
this ASAP.

Saved Queries