Is multi factor authentication practical/feasible?
Paul Kudla (SCOM.CA Internet Services Inc.)
paul at scom.ca
Sun Jul 3 14:40:34 UTC 2022
Please note this is my opinion only
It seems any kind of dual auth will need a security app running on YOUR
server saving tokens, logins etc etc
this is what led to Microsoft, Gmail etc having their own API which
will only work for them
this is also (mainly because of https authing the device) what makes it
hard to proxy oauth2 etc
If you look at SOGo's documentation they have a Java server applet
Still working on the install to make work with my system but in general
you need your own whatever app to track oauth2
5.7. Authenticating using C.A.S.
SOGo natively supports C.A.S. authentication. For activating C.A.S.
authentication you need first
to make sure that the SOGoAuthenticationType setting is set to cas,
SOGoXSRFValidationEnabled is
set to NO and that the SOGoCASServiceURL setting is configured
appropriately.
I myself will eventually get around to implementing this on one of my
servers ?
logically I will have to track tokens etc via https like Google etc
basically the reality is every server will have its own token base etc
thus preventing any kind of a standard.
Happy Sunday !!!
Thanks - paul
Paul Kudla
Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul at scom.ca
On 7/3/2022 9:50 AM, John Gateley wrote:
>
>
>
> On 7/3/22 8:31 AM, John Gateley wrote:
>> The protocols were designed long before SAML and OIDC. SAML/OIDC give
>> you more control over authn/z
>> and allow easily adding in MFA or other different types of auth. To do
>> this right, you'd need to extend
>> the protocol to allow OIDC or SAML.
>
> I did find this RFC - I haven't read it, but it applies directly:
> https://datatracker.ietf.org/doc/html/rfc7628
>
> j
>