Re: [Dovecot] Ideas for Webmail/OTP

2007-08-07 Thread Frank Behrens
Steffen Kaiser <[EMAIL PROTECTED]> wrote on 7 Aug 2007 10:26: > You mean, the client issues LOGIN (with a dummy password), because Dovecot > needs to acquire the OTP challenge first, this LOGIN attempt is failed, > but the username can be used to acquire the OTP challenge. It is reported > back, via

Re: [Dovecot] Ideas for Webmail/OTP

2007-08-07 Thread Steffen Kaiser
On Mon, 23 Jul 2007, Frank Behrens wrote: Solution 1: When PAM is configured for IMAP the user can use a one-time-password in the same way as before. The problem is, that the user must know the sequence number for the password (otp challenge), so

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-24 Thread Timo Sirainen
On 24.7.2007, at 15.31, Frank Behrens wrote: When you think about it: A webmail client and the different IMAP login mechanisms fit not very well together. So some posters are right: you should better use a "real" IMAP client. But IMHO webmail is a useful solution, when you are on vacation or

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-24 Thread Frank Behrens
Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote on 24 Jul 2007 23:40: > a) provide the otp sequence as a capability (e.g. X-OTP-SEQ=1234), or > > b) provide a dovecot-specific IMAP command for finding out the current > sequence value (e.g. X-OTP-SEQ) > > The sending of a dummy password to retri

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-24 Thread Frank Behrens
Charles Marcus wrote on 24 Jul 2007 6:33: > Definitely not stupid - I hope you didn't get that from my response... No, I did not read your response in that way. But the email was written to discuss that, maybe other people have much better solutions. > As a plug-in I think this would be perfect

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-24 Thread Jasper Bryant-Greene
On Tue, Jul 24, 2007 at 09:42:29AM +0300, Timo Sirainen wrote: > On Mon, 2007-07-23 at 17:15 +0200, Frank Behrens wrote: > > Solution 1: > > When PAM is configured for IMAP the user can use a one-time-password in the > > same way > > as before. The problem is, that the user must know the sequence

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-24 Thread Charles Marcus
On 7/24/2007, Frank Behrens ([EMAIL PROTECTED]) wrote: So dovecot has no errors in this context, but I believe it could be extended easily and that's why I wrote in this mailing list. My hope is, that people comment: - My ideas are stupid or not. Definitely not stupid - I hope you didn't get

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Timo Sirainen
On Mon, 2007-07-23 at 17:15 +0200, Frank Behrens wrote: > Solution 1: > When PAM is configured for IMAP the user can use a one-time-password in the > same way > as before. The problem is, that the user must know the sequence number for > the password > (otp challenge), so we need a way to displ

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Frank Behrens
Charles Marcus wrote on 23 Jul 2007 13:21: > Phillip T. George, on 7/23/2007 1:00 PM, said the following: > > SSL/TLS is not going to solve the keylogger and malware problem. > > Basically, if you're on a public (or even a friend's) computer and > > someone decides to monitor keystrokes using

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Phillip T. George
Joakim Ryden wrote: On Mon, July 23, 2007 10:54 am, Phillip T. George wrote: [...] Oh...also his post did include "/OTP", which unless I'm mistaken, then means Off-Topic Post ..so it doesn't really matter if it had to do with Dovecot or not, right? :) :-) I believe he was referring to

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Gabriel Millerd
On 7/23/07, Phillip T. George <[EMAIL PROTECTED]> wrote: > Oh...also his post did include "/OTP", which unless I'm mistaken, then means Off-Topic Post ..so it doesn't really matter if it had to do with Dovecot or not, right? :) I took it to mean one time password once I saw the context, O

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Joakim Ryden
On Mon, July 23, 2007 10:54 am, Phillip T. George wrote: [...] > Oh...also his post did include "/OTP", which unless I'm mistaken, then means Off-Topic Post ..so it doesn't really matter if it had to do with Dovecot or not, right? :) :-) I believe he was referring to One Time Passwords. --Jo

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Phillip T. George
Phillip T. George wrote: Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:30 PM, said the following: Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:00 PM, said the following: SSL/TLS is not going to solve the keylogger and malware problem. Basically, if you're on a public (

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Phillip T. George
Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:30 PM, said the following: Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:00 PM, said the following: SSL/TLS is not going to solve the keylogger and malware problem. Basically, if you're on a public (or even a friend's) computer

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Charles Marcus
Phillip T. George, on 7/23/2007 1:30 PM, said the following: Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:00 PM, said the following: SSL/TLS is not going to solve the keylogger and malware problem. Basically, if you're on a public (or even a friend's) computer and someone decides t

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Phillip T. George
Charles Marcus wrote: Phillip T. George, on 7/23/2007 1:00 PM, said the following: SSL/TLS is not going to solve the keylogger and malware problem. Basically, if you're on a public (or even a friend's) computer and someone decides to monitor keystrokes using some application, your password wi

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Charles Marcus
Phillip T. George, on 7/23/2007 1:00 PM, said the following: SSL/TLS is not going to solve the keylogger and malware problem. Basically, if you're on a public (or even a friend's) computer and someone decides to monitor keystrokes using some application, your password will be completely compro

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Phillip T. George
Charles Marcus wrote: On 7/23/2007, Frank Behrens ([EMAIL PROTECTED]) wrote: I want to discuss some problems/enhancements for dovecot in a webmail/otp setup. For access to an IMAP server like dovecot I see different client types: a) a "normal" MUA installed in a more or less trusted environmen

Re: [Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Charles Marcus
On 7/23/2007, Frank Behrens ([EMAIL PROTECTED]) wrote: I want to discuss some problems/enhancements for dovecot in a webmail/otp setup. For access to an IMAP server like dovecot I see different client types: a) a "normal" MUA installed in a more or less trusted environment b) remote access vi

[Dovecot] Ideas for Webmail/OTP

2007-07-23 Thread Frank Behrens
I want to discuss some problems/enhancements for dovecot in a webmail/otp setup. For access to an IMAP server like dovecot I see different client types: a) a "normal" MUA installed in a more or less trusted environment b) remote access via "webmail" from untrusted environments For a) I see with d