Re: 2FA and IMAP

2019-04-23 Thread Michael Menge
Hi, 

You can configure a different IMAP Service in cyrus.conf for roundcube 
(different IP or port) and use pam for authentication or block login for 
the other services with cyrus denydb



On 21 April 2019 23:09:06 CEST, Marcus Schopen wrote:
>Hi,
>
>a friend wants to restrict access to his mailbox with 2FA. As webmailer
>I use Roundcube, which offers a 2FA plugin. But in the end this is
>pointless, because besides the webmailer there is also the native IMAP
>access available. Is it therefore possible to restrict the access to a
>single IMAP account to a certain IP so that this mailbox can only be
>accessed via the Roundcube?
>
>Ciao!
>Marcus
>
>
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>To Unsubscribe:
>https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-- 
This message was sent from my Android mobile phone with K-9 Mail.
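
One way to lay out the suggestion in the reply above, as an added example that is not part of the original thread: a cyrus.conf fragment with a loopback-only listener for Roundcube, plus a denydb entry covering the public services. It assumes Roundcube runs on the mail host itself; the service name `webmail`, port 1143 and account name `friend` are placeholders, and the way `cyr_deny -s` matches service names should be checked against cyr_deny(8) for the installed Cyrus version.

```conf
# /etc/cyrus.conf (fragment) -- added example; names and ports are assumptions
SERVICES {
  # Public listeners, reachable by native IMAP clients.
  imap     cmd="imapd"    listen="imap"           prefork=0
  imaps    cmd="imapd -s" listen="imaps"          prefork=0

  # Separate listener for Roundcube only. Bound to loopback, so it is
  # reachable only from the host where the webmailer and its 2FA plugin run.
  webmail  cmd="imapd"    listen="127.0.0.1:1143" prefork=0
}

# Then block the one account on the public services through the denydb
# (run as the cyrus user; 'friend' is a placeholder account name):
#
#   cyr_deny -s 'imap*' -m 'Please use webmail' friend
#   cyr_deny -l          # list the current deny entries
#
# The pattern 'imap*' matches the services named imap and imaps above but
# not webmail. Any other service the account could log in to (pop3, sieve,
# ...) needs the same treatment, or the restriction is incomplete.
```

Roundcube then has to be pointed at 127.0.0.1 port 1143 instead of the public IMAP port.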

Re: 2FA and IMAP

2019-04-23 Thread Alvin Starr
This is not multifactor authentication and I am not sure if it will 
work but I was kicking around the idea of trying to use client 
certificates to ensure that only mail clients with the proper client 
certificate installed can connect.



On 4/23/19 2:46 PM, Christian Fontana wrote:
Hi. But the documentation does not seem to be complete. I was not able to 
find an example or an explanation about how to restrict access to a 
single IMAP account from a certain IP.

Could you point me to the right page of documentation?

thanks


On Mon, 22 Apr 2019 at 19:14, Adam Tauno Williams 
<awill...@whitemice.org> wrote:


On Sun, 2019-04-21 at 23:09 +0200, Marcus Schopen wrote:
> Hi,
>
> a friend wants to restrict access to his mailbox with 2FA. As
> webmailer I use Roundcube, which offers a 2FA plugin. But in the end
> this is pointless, because besides the webmailer there is also the
> native IMAP access available. Is it therefore possible to restrict
> the access to a single IMAP account to a certain IP so that this
> mailbox can only be accessed via the Roundcube?

I doubt it, but maybe.

All the authentication stuff is handled by SASL - not really Cyrus -
and SASL is deeply configurable.

https://www.cyrusimap.org/sasl/

-- 
Adam Tauno Williams, awill...@whitemice.org


Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org


--
Alvin Starr   ||   land:  (647)478-6285
Netvel Inc.   ||   Cell:  (416)806-0133
al...@netvel.net  ||



Re: 2FA and IMAP

2019-04-23 Thread Christian Fontana
Hi. But the documentation does not seem to be complete. I was not able to find
an example or an explanation about how to restrict access to a single IMAP
account from a certain IP.
Could you point me to the right page of documentation?

thanks


On Mon, 22 Apr 2019 at 19:14, Adam Tauno Williams 
wrote:

> On Sun, 2019-04-21 at 23:09 +0200, Marcus Schopen wrote:
> > Hi,
> >
> > a friend wants to restrict access to his mailbox with 2FA. As
> > webmailer I use Roundcube, which offers a 2FA plugin. But in the end
> > this is pointless, because besides the webmailer there is also the
> > native IMAP access available. Is it therefore possible to restrict
> > the access to a single IMAP account to a certain IP so that this
> > mailbox can only be accessed via the Roundcube?
>
> I doubt it, but maybe.
>
> All the authentication stuff is handled by SASL - not really Cyrus -
> and SASL is deeply configurable.
>
> https://www.cyrusimap.org/sasl/
>
> --
> Adam Tauno Williams, awill...@whitemice.org
> Multi-Modal Activists Against Auto Dependent Development
> resisting the unAmerican socialists of the Motorist hegemony
> http://www.mmaaadd.org
> 
>


Re: LDAP auth and ptloader

2019-04-23 Thread Sven Schwedas
This has nothing to do with my problem. Please stop spamming.

On 23.04.19 13:56, Willem Offermans wrote:
> Dear Cyrus friends and Sven,
> 
> A reason to look for authentication by radius.
> But maybe this should go to feature request.
> 
> 
> Wiel Offermans
> wil...@offermans.rompen.nl 
> 
> 
> 
> 
>> On 23 Apr 2019, at 13:50, Sven Schwedas wrote:
>>
>> On 23.04.19 13:43, Willem Offermans wrote:
>>> Dear Cyrus Friends and Sven,
>>>
>>> I don’t know if this is of any help.
>>>
>>> I have set up saslauthd to do LDAP authentication of Cyrus.
>>
>> That's what I want to get away from, because saslauthd cannot handle
>> groups, and I need to maintain PAM LDAP auth in parallel just to handle
>> that.
>>
>> -- 
>> Mit freundlichen Grüßen, / Best Regards,
>> Sven Schwedas, Systemadministrator
>> ✉ sven.schwe...@tao.at  | ☎ +43 680 301 7167
>> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
>> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
>> A8020 Graz    | https://www.tao-digital.at
>>
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz| https://www.tao-digital.at




Re: LDAP auth and ptloader

2019-04-23 Thread Willem Offermans
Dear Cyrus friends and Sven,

A reason to look for authentication by radius.
But maybe this should go to feature request.


Wiel Offermans
wil...@offermans.rompen.nl




> On 23 Apr 2019, at 13:50, Sven Schwedas  wrote:
> 
> On 23.04.19 13:43, Willem Offermans wrote:
>> Dear Cyrus Friends and Sven,
>> 
>> I don’t know if this is of any help.
>> 
>> I have set up saslauthd to do LDAP authentication of Cyrus.
> 
> That's what I want to get away from, because saslauthd cannot handle
> groups, and I need to maintain PAM LDAP auth in parallel just to handle
> that.
> 
> -- 
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> ✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
> A8020 Graz| https://www.tao-digital.at
> 



Re: LDAP auth and ptloader

2019-04-23 Thread Sven Schwedas
On 23.04.19 13:43, Willem Offermans wrote:
> Dear Cyrus Friends and Sven,
> 
> I don’t know if this is of any help.
> 
> I have set up saslauthd to do LDAP authentication of Cyrus.

That's what I want to get away from, because saslauthd cannot handle
groups, and I need to maintain PAM LDAP auth in parallel just to handle
that.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz| https://www.tao-digital.at




Re: LDAP auth and ptloader

2019-04-23 Thread Willem Offermans
Dear Cyrus Friends and Sven,

I don’t know if this is of any help.

I have set up saslauthd to do LDAP authentication of Cyrus.

Now I’m at this point. I know this is off-topic:

LDAP is a database and not developed to do authentication.
Radius is developed to do AAA (Authentication, Authorization and Accounting).
Radius can do authentication in many different ways with many different 
databases.
Is it possible to do authentication with radius, for example freeradius?



Wiel Offermans
wil...@offermans.rompen.nl




> On 23 Apr 2019, at 11:45, Sven Schwedas  wrote:
> 
> I'm trying to set up direct LDAP auth via auth_meth=pts, but on start I
> always get "ptload(): can't connect to ptloader server: No such file or
> directory" as error. The directory for ptloader_sock exists and is the
> same as for all other sockets, so there shouldn't be any permission
> problems with the socket.
> 
> I suppose I need to somehow manually start up ptloader via cyrus.conf,
> but there's no documentation and nothing I can find in the mailing list
> archives as to *how*? What am I missing?
> 
> -- 
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> ✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
> A8020 Graz| https://www.tao-digital.at
> 
> 



LDAP auth and ptloader

2019-04-23 Thread Sven Schwedas
I'm trying to set up direct LDAP auth via auth_meth=pts, but on start I
always get "ptload(): can't connect to ptloader server: No such file or
directory" as error. The directory for ptloader_sock exists and is the
same as for all other sockets, so there shouldn't be any permission
problems with the socket.

I suppose I need to somehow manually start up ptloader via cyrus.conf,
but there's no documentation and nothing I can find in the mailing list
archives as to *how*? What am I missing?

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwe...@tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz| https://www.tao-digital.at


