1 Topic by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 116

Topic: oAuth / 2 Step Verfication Feature Request

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi Devs,

I am wondering if you could add support for oAuth / 2 Step Verification for FIDO2 Support. I have found some Plugins for Roundcube but they don't seem to be maintained anymore.

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,081

Re: oAuth / 2 Step Verfication Feature Request

We don't develop Roundcube plugins, so if there's no working one available, we cannot help either. sad

3 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 116

Re: oAuth / 2 Step Verfication Feature Request

ZhangHuangbin wrote:

We don't develop Roundcube plugins, so if there's no working one available, we cannot help either. sad

Hey ZhangHuangbin not seen you around much, hope your good.

I have noticed that some of the Plugins for Roundcube which are used for 2 Step Verification requires modifying Auth for Dovecot. I have found a Plugin that is still maintained so will try that.  https://git.kolab.org/diffusion/RPK/bro … kolab_2fa/

Regards

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,081

Re: oAuth / 2 Step Verfication Feature Request

This plugin should work. smile

5 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 116

Re: oAuth / 2 Step Verfication Feature Request

ZhangHuangbin wrote:

This plugin should work. smile

I will give it ago and report when i have tried it.

Regards

6 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 116

Re: oAuth / 2 Step Verfication Feature Request

Update, Just to let you know. 2fa is now implemented into Roundcube and works with Yubikey.

Regards

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,081

Re: oAuth / 2 Step Verfication Feature Request

Thanks for sharing. smile

8 Reply by stevekez

  • stevekez
  • Member
  • Offline
  • Registered: 2012-07-11
  • Posts: 22

Re: oAuth / 2 Step Verfication Feature Request

Resurrecting this somewhat, has any consideration been given to providing similar authentication for SMTP/IMAP/etc?

Ref: https://documentation.open-xchange.com/ … vecot.html

Given the rigidity of these protocols, it would seem generating a long-lived bearer token that's bound to a particular client would be the best way to go.

Getting the token could be done through a Roundcube or perhaps iRedAdmin plugin.

Not trivial, but increasingly important from a security standpoint.

9 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 116

Re: oAuth / 2 Step Verfication Feature Request

stevekez wrote:

Resurrecting this somewhat, has any consideration been given to providing similar authentication for SMTP/IMAP/etc?

Ref: https://documentation.open-xchange.com/ … vecot.html

Given the rigidity of these protocols, it would seem generating a long-lived bearer token that's bound to a particular client would be the best way to go.

Getting the token could be done through a Roundcube or perhaps iRedAdmin plugin.

Not trivial, but increasingly important from a security standpoint.

We ended up going with 2 Step Verification with 2FA after, was looking at implementing keycloak but because I and the employees uses Yubikeys we use those to generate the codes for both Roundcube and Sogo Web mail. with Sogo webmail it works for EAS devices too.

Regards