--- Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> wrote: - snip - <http://www.wikidsystems.com/community-version/documentation/howtos/two_factor_webmail>. > > Their instructions depend on the weakness Fredrik pointed out not > happening: the IMAP proxy server timing out your credentials. Hi Paul, Noted with thanks. > >> OR are there other suggestions? TIA > > > > A plugin hooked into the logout page of SquirrelMail could be used > to > > create a new password if the system allows it, but I don't have any > > suggestions right now on how to do that in practise. > > I actually have a plugin sitting around that creates OTPs from within > the SM interface (they are ONLY *SquirrelMail* OTPs); the somewhat > insecure part of the puzzle being that SM actually takes the user's > real password and stores it in an encrypted file. The encryption is > decent (any mcrypt-supported algorithm works), but it's still always > an iffy proposition for an application to store user passwords. This > particular plugin is years old and needs a lot of face-lifting before > it would be ready for use. Noted and thanks. B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
