6.0.0-git
2019-03-21

[#14051] Two Factor Authentication
Summary Two Factor Authentication
Queue Horde Base
Queue Version Git master
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester jurekam (at) gmail (dot) com
Created 2015-07-12 (1348 days ago)
Due
Updated 2016-04-13 (1072 days ago)
Assigned
Resolved
Milestone
Patch No

History
2016-04-13 08:53:49 christoph (dot) haas (at) ukbw (dot) de Comment #4 Reply to this comment
Hello,
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module 
for e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
I had now the time to investigate further on this topic. It isn't as 
easy as mentioned in my last comment ...
Thus the below PAM-config works, tested e.g. as PAM-config for "su", 
it doesn't do so with Horde :-((
PAM-authentication works if I remove the google_authenticator part ...
(just for the records: my system runs on a Debian Jessie amd64)

/etc/pam.d/horde
auth requisite pam_google_authenticator.so forward_pass
auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 
use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so


-->> the login credential with this PAM-config consists of the 
user-password and the one-time-password from the Google Authenticator.
E.g. if the user-password is: mysecretpwd
and the Google OTP: 123456
the login credential would be: mysecretpwd123456

but in /var/log/syslog
HORDE: [horde] FAILED LOGIN for haasc to horde (172.16.1.2) [pid 10073 
on line 199 of "/var/www/html/horde/login.php"]
HORDE: [gollem] PHP ERROR: Invalid argument supplied for foreach() 
[pid 10073 on line 338 of "/var/www/html/horde/gollem/lib/Auth.php"]

... and the login is denied with a error on the Horde-login-screen:
"Cannot make/remove an entry for the specified session (in pam_authenticate)"

Clueless - where is my bug?
Christoph.

2016-01-22 17:38:06 Jan Schneider Version ⇒ Git master
Queue ⇒ Horde Base
State ⇒ Accepted
 
2015-11-18 21:39:03 christoph (dot) haas (at) ukbw (dot) de Comment #3 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard 
these days and your product is lacking in this regard.  Please 
implement this ASAP.
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module for 
e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
2015-07-12 14:39:15 Michael Rubinsky Comment #2
Priority ⇒ 1. Low
Reply to this comment
This is unlikely to happen anytime soon without someone sponsoring the 
work, or providing patches. Also, please check the mailing list archive.
2015-07-12 14:03:11 jurekam (at) gmail (dot) com Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 3. High
Summary ⇒ Two Factor Authentication
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard these 
days and your product is lacking in this regard.  Please implement 
this ASAP.

Saved Queries