On 5/5/2014 3:30 PM, Benjamin Podszun wrote:
On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote:
I'm beginning to wonder if I am going about this all wrong :-)
No offense: I'm thinking the same thing. ;-)
Would it not be easier/better to leave all IMAP/SMTP access in place (for all users) and then just use "one time throw away passwords" for logging in from an internet cafe with Roundcube?
Have you considered Yubikey?
https://www.yubico.com/products/yubikey-hardware/yubikey/
The USB device looks like a keyboard when plugged in. Plug it in, type in your login, highlight the password field, then press the button on the Yubikey. It "types" in the OTP. Click the login button.
It run on many OS's, including Linux where it interfaces with PAM. A simple PAM config change installs it.
https://www.yubico.com/applications/computer-login/linux/
You can even (and I do recommend that you) use it with two factor, so you enter a normal password, plus the OTP (something that you know, plus something that you have). This would take a small change to Roundcube, which is beyond scope for this list.
Dem