-1

I want to add two-factor authentication to Dovecot and thought of appending an OTP to the normal password a user has, then sending that "new" password to Dovecot. So I wondered whether it is possible to edit the password_query in dovecot-sql.conf.ext in such a way that it includes a section where the OTP part of the password is verified.

1 Answer

0

The authentication in Dovecot can work via PAM. Most two-factor authentication systems (to be specific, OTP systems) add the second factor by just appending the OTP value after the password, like:

mySecretPassword788293

This is sent to the authentication backend, which knows how to handle this. This means that the PAM stack would only request one password (which consists of the static part/knowledge and the OTP part/possession) and have the OTP backend verify this.

E.g. you could use privacyIDEA to manage your 2nd factors in conjunction with PAM. http://privacyidea.readthedocs.io/en/latest/application_plugins/index.html

Disclaimer: I am a core developer of privacyIDEA

cornelinux
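The split-and-verify step that the answer assigns to the OTP backend, as an added example (not code from the answer, from privacyIDEA or from Dovecot). It assumes a 6-digit TOTP with 30-second steps, a PBKDF2 password hash and a hypothetical in-memory user record; all function and field names are made up for illustration.

```python
import hashlib, hmac, struct, time

STEP, DIGITS = 30, 6  # assumed TOTP parameters (RFC 6238 defaults)

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP value (HMAC-SHA1) for one counter / time step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split_credential(combined: str, digits: int = DIGITS):
    """'mySecretPassword788293' -> ('mySecretPassword', '788293'), else None."""
    otp = combined[-digits:]
    if len(combined) <= digits or not (otp.isascii() and otp.isdigit()):
        return None
    return combined[:-digits], otp

def verify(combined: str, user: dict, now=None, window: int = 1) -> bool:
    """Check both factors; accept each time step at most once (no replay)."""
    parts = split_credential(combined)
    if parts is None:
        return False
    password, otp = parts
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    current = int(time.time() if now is None else now) // STEP
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(user["totp_secret"], step), otp):
            matched = step
    if not pw_ok or matched is None or matched <= user["last_step"]:
        return False
    user["last_step"] = matched  # burn the step so the same OTP cannot be reused
    return True

# Constructed sample account; the secret is the RFC 6238 test-vector key.
SALT = b"constructed-salt"
USER = {"salt": SALT, "pw_hash": hash_password("mySecretPassword", SALT),
        "totp_secret": b"12345678901234567890", "last_step": -1}

if __name__ == "__main__":
    print(verify("mySecretPassword287082", USER, now=59))  # first use
    print(verify("mySecretPassword287082", USER, now=59))  # replay of the same OTP
```

Because the static part is cut off by length, a password that itself ends in digits still splits correctly as long as the OTP length is fixed.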