On Tue, May 20, 2008 at 8:39 AM, Fredrik Jervfors <jervfors@xxxxxxxxxxxxxxxx> wrote:
>> Ubuntu 7.04 server amd64
>> SM 1.4.11
>>
>> I'm prepared adding One-Time-Password to SM as experiment. Please
>> advise are following packages working on SM;
>>
>> opie-client opie-server libopie-dev
>>
>> They are on Ubuntu repo.
>
> No. Since SquirrelMail logs in to the IMAP server at least once per page
> view, OTP is worthless. You might not even get as far as to loading both
> frames after logging in, since the password will change every time you use
> it. Using an IMAP proxy might help though, until it times out and the
> connection to the IMAP server is lost. Every time the connection is closed
> or lost, a new password will be generated and throw you back to the
> SquirrelMail login page.
>
>> On googling I found;
>> Open Source Two-factor authentication: The WiKID Community Edition
>> http://www.wikidsystems.com/community-version
>>
>> Can it work on SM? If YES which package/packages shall I download?
>
> They state that they can. A link marked "Squirrelmail and other IMAP
> services" on the first page links to
> <http://www.wikidsystems.com/community-version/documentation/howtos/two_factor_webmail>.

Their instructions depend on the weakness Fredrik pointed out not happening: the IMAP proxy server timing out your credentials.

>> OR are there other suggestions? TIA
>
> A plugin hooked into the logout page of SquirrelMail could be used to
> create a new password if the system allows it, but I don't have any
> suggestions right now on how to do that in practise.

I actually have a plugin sitting around that creates OTPs from within the SM interface (they are ONLY *SquirrelMail* OTPs); the somewhat insecure part of the puzzle being that SM actually takes the user's real password and stores it in an encrypted file. The encryption is decent (any mcrypt-supported algorithm works), but it's still always an iffy proposition for an application to store user passwords.
This particular plugin is years old and needs a lot of face-lifting before it would be ready for use.
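
Added example, not part of the original thread and not SquirrelMail, OPIE or WiKID code: a small Python simulation of the failure mode discussed above, where a webmail front end re-authenticates to IMAP on every page view against a one-time-password backend, with and without a caching proxy. The hash-chain OTP scheme, the class names and the timeout values are assumptions made for illustration.

```python
import hashlib

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Hash the seed n times (S/Key-style chain; constructed for this example)."""
    for _ in range(n):
        seed = h(seed)
    return seed

class OtpImapServer:
    """Hypothetical IMAP back end that accepts each password exactly once."""
    def __init__(self, seed: bytes, n: int):
        self.last = chain(seed, n)        # only the last accepted value is stored
    def login(self, otp: bytes) -> bool:
        if h(otp) != self.last:
            return False                  # replayed or wrong password
        self.last = otp                   # consumed: the next login needs a new one
        return True

class CachingProxy:
    """Hypothetical IMAP proxy: reuses one upstream login until it sits idle too long."""
    def __init__(self, server: OtpImapServer, idle_timeout: int):
        self.server, self.idle_timeout = server, idle_timeout
        self.cached, self.last_used = None, 0
    def login(self, otp: bytes, now: int) -> bool:
        if self.cached is not None and now - self.last_used > self.idle_timeout:
            self.cached = None            # upstream connection timed out
        if self.cached is None:
            if not self.server.login(otp):
                return False              # stale OTP: user lands on the login page
            self.cached = otp
        elif otp != self.cached:
            return False
        self.last_used = now
        return True

def page_views_direct(seed: bytes, n: int, views: int) -> list:
    """Webmail logs in to IMAP on every page view with the password typed once."""
    server, otp = OtpImapServer(seed, n), chain(seed, n - 1)
    return [server.login(otp) for _ in range(views)]

def page_views_proxied(seed: bytes, n: int, times: list, idle_timeout: int) -> list:
    """Same session through the proxy; times are page-view timestamps in seconds."""
    proxy, otp = CachingProxy(OtpImapServer(seed, n), idle_timeout), chain(seed, n - 1)
    return [proxy.login(otp, t) for t in times]

if __name__ == "__main__":
    print(page_views_direct(b"constructed-seed", 10, 3))
    print(page_views_proxied(b"constructed-seed", 10, [0, 60, 120, 1000], 300))
```
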