Marc Powell wrote:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:squirrelmail-[EMAIL PROTECTED] On Behalf Of Hadmut Danisch
Sent: Friday, July 29, 2005 11:46 AM
To: [email protected]
Subject: [SM-USERS] Protecting IMAP passwords against keyloggers?

Hi,

I am just reflecting about a little security problem
and maybe someone knows a solution:

There is a web server, access over https, protected with
one time passwords. When you login you get access to
squirrelmail. The server is intended to give the users
access to email from internet cafes and other untrusted
computers. That's why it uses one time passwords, since
such computers always are suspected of being compromised and
might have things like keyloggers.

Reading e-mail with squirrelmail requires a second login
with the IMAP username and userpassword. But now, the same
user and password database the IMAP server makes use of (LDAP)
is intended to be used for other purposes, and now it is
risky if passwords are caught by keyloggers.

Any idea how to circumvent entering the IMAP password
for squirrelmail but still being secure?
(User was already authenticated before)

I would imagine that http://www.squirrelmail.org/plugin_view.php?id=34
doesn't quite fit the bill but I'll bet it could be modified to do so.
For example, you might be able to modify login_auth_skip_login_do() in
functions.php to grab the username/password information from your LDAP
source based on whatever available information you have to identify the
user in the environment and replace references to $PHP_AUTH_PW and
$PHP_AUTH_USER with your new variables (you'll have to change the
variable names most likely).

I've never done it and never really looked at this plugin before but it
looks feasible. YMMV.

The Virtual Keyboard plugin should work pretty well: http://www.squirrelmail.org/plugin_view.php?id=34

Jay
--
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
--

