6.0.0-alpha10
5/14/25

[#14051] Two Factor Authentication
Summary Two Factor Authentication
Queue Horde Base
Queue Version Git master
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester jurekam (at) gmail (dot) com
Created 07/12/2015 (3594 days ago)
Due
Updated 07/02/2020 (1777 days ago)
Assigned
Resolved
Milestone
Patch No

History
07/02/2020 02:57:59 PM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #8 Reply to this comment
it would be really great to have a integration with LINOTP   
https://www.linotp.org/

05/25/2020 05:11:21 AM build+horde (at) de-korte (dot) org Comment #7 Reply to this comment
It has been made abundantly clear why this isn't implemented. Unless 
something is done about the reason why (lack of funding), it makes no 
sense to keep asking.
05/24/2020 09:20:15 PM copelius (at) neomailbox (dot) ch Comment #6 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two
Factor authentication would be great to have implemented.  I just
switched from a Roundcube install and it had a plugin for it which
worked great.  Two Factor authentication has become the standard
these days and your product is lacking in this regard.  Please
implement this ASAP.
Any progress on this subject?
Any progress on this, please??
12/17/2019 07:23:37 AM thierry (at) freebsd (dot) org Comment #5 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard 
these days and your product is lacking in this regard.  Please 
implement this ASAP.
Any progress on this subject?
04/13/2016 08:53:49 AM christoph (dot) haas (at) ukbw (dot) de Comment #4 Reply to this comment
Hello,
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module 
for e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
I had now the time to investigate further on this topic. It isn't as 
easy as mentioned in my last comment ...
Thus the below PAM-config works, tested e.g. as PAM-config for "su", 
it doesn't do so with Horde :-((
PAM-authentication works if I remove the google_authenticator part ...
(just for the records: my system runs on a Debian Jessie amd64)

/etc/pam.d/horde
auth requisite pam_google_authenticator.so forward_pass
auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 
use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so


-->> the login credential with this PAM-config consists of the 
user-password and the one-time-password from the Google Authenticator.
E.g. if the user-password is: mysecretpwd
and the Google OTP: 123456
the login credential would be: mysecretpwd123456

but in /var/log/syslog
HORDE: [horde] FAILED LOGIN for haasc to horde (172.16.1.2) [pid 10073 
on line 199 of "/var/www/html/horde/login.php"]
HORDE: [gollem] PHP ERROR: Invalid argument supplied for foreach() 
[pid 10073 on line 338 of "/var/www/html/horde/gollem/lib/Auth.php"]

... and the login is denied with a error on the Horde-login-screen:
"Cannot make/remove an entry for the specified session (in pam_authenticate)"

Clueless - where is my bug?
Christoph.

01/22/2016 05:38:06 PM Jan Schneider Version ⇒ Git master
Queue ⇒ Horde Base
State ⇒ Accepted
 
11/18/2015 09:39:03 PM christoph (dot) haas (at) ukbw (dot) de Comment #3 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard 
these days and your product is lacking in this regard.  Please 
implement this ASAP.
well, a 2-factor authentication can easily be done:
1. configure Horde for PAM-Authentication
2. use the Google authenticator PAM-module, or the pam-u2f-module for 
e.g. Yubikey
... and you're done.

Cheers from Stuttgart / BW / Germany
Christoph.
07/12/2015 02:39:15 PM Michael Rubinsky Comment #2
Priority ⇒ 1. Low		 Reply to this comment
This is unlikely to happen anytime soon without someone sponsoring the 
work, or providing patches. Also, please check the mailing list archive.
07/12/2015 02:03:11 PM jurekam (at) gmail (dot) com Comment #1
Priority ⇒ 3. High
Type ⇒ Enhancement
Summary ⇒ Two Factor Authentication
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
State ⇒ New		 Reply to this comment
I'm sure this has been brought up before, but I can't find it.  Two 
Factor authentication would be great to have implemented.  I just 
switched from a Roundcube install and it had a plugin for it which 
worked great.  Two Factor authentication has become the standard these 
days and your product is lacking in this regard.  Please implement 
this ASAP.
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers