How to set otp one time password
Dear Everybody: May I ask how to configure Dovecot OTP one-time verification login? That is, after the user logs in to the mailbox with the password + OTP, can he send and receive emails without entering the password + OTP again?

These are my settings:

# /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_cache_size = 10M
auth_failure_delay = 5 secs
auth_ssl_username_from_cert = yes
auth_mechanisms = otp
!include auth-ldap.conf.ext
error logs:
6952-Jan 06 18:03:01 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6953-Jan 06 18:03:02 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6954-Jan 06 18:03:02 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6955:Jan 06 18:03:02 auth: Fatal: OTP mechanism can't be supported with given passdbs
6956-Jan 06 18:03:02 master: Error: service(auth): command startup failed, throttling for 2.000 secs
6957-Jan 06 18:03:02 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<OiDkhZXx7fasHhQz>
6958-Jan 06 18:03:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6959-Jan 06 18:03:07 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6960:Jan 06 18:03:07 auth: Fatal: OTP mechanism can't be supported with given passdbs
6961-Jan 06 18:03:07 master: Error: service(auth): command startup failed, throttling for 4.000 secs
6962-Jan 06 18:03:07 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<qgIyhpXx8PasHhQz>
6963-Jan 06 18:03:11 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6964-Jan 06 18:03:11 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6965:Jan 06 18:03:11 auth: Fatal: OTP mechanism can't be supported with given passdbs
6966-Jan 06 18:03:11 master: Error: service(auth): command startup failed, throttling for 8.000 secs
6967-Jan 06 18:03:11 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 3 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=
6968-Jan 06 18:03:19 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6969-Jan 06 18:03:19 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6970:Jan 06 18:03:19 auth: Fatal: OTP mechanism can't be supported with given passdbs
6971-Jan 06 18:03:19 master: Error: service(auth): command startup failed, throttling for 16.000 secs
6972-Jan 06 18:03:19 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 8 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=<qp7phpXx9PasHhQz>
6973-Jan 06 18:03:29 imap-login: Info: Disconnected: Connection closed (disconnected before auth was ready, waited 5 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=
6974-Jan 06 18:03:35 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6975-Jan 06 18:03:35 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6976:Jan 06 18:03:35 auth: Fatal: OTP mechanism can't be supported with given passdbs
6977-Jan 06 18:03:35 master: Error: service(auth): command startup failed, throttling for 32.000 secs
6978-Jan 06 18:04:01 master: Warning: Killed with signal 15 (by pid=2692494 uid=0 code=kill)
6979-Jan 06 18:04:02 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6980-Jan 06 18:04:09 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6981-Jan 06 18:04:09 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6982:Jan 06 18:04:09 auth: Fatal: OTP mechanism can't be supported with given passdbs
6983-Jan 06 18:04:09 master: Error: service(auth): command startup failed, throttling for 2.000 secs
6984-Jan 06 18:04:09 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<8VrsiZXxFfesHhQz>
6985-Jan 06 18:04:56 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6986-Jan 06 18:04:56 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6987:Jan 06 18:04:56 auth: Fatal: OTP mechanism can't be supported with given passdbs
6988-Jan 06 18:04:56 master: Error: service(auth): command startup failed, throttling for 4.000 secs
6989-Jan 06 18:05:57 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6990-Jan 06 18:05:57 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6991:Jan 06 18:05:57 auth: Fatal: OTP mechanism can't be supported with given passdbs
6992-Jan 06 18:05:57 master: Error: service(auth): command startup failed, throttling for 8.000 secs
6993-Jan 06 18:06:26 master: Warning: Killed with signal 15 (by pid=2692680 uid=0 code=kill)
6994-Jan 06 18:06:27 log(2692602): Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
6995-Jan 06 18:06:27 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6996-Jan 06 18:06:47 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6997-Jan 06 18:06:47 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6998-Jan 06 18:06:47 auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
6999-Jan 06 18:06:47 auth: Error: ldap_bind
7000-Jan 06 18:06:47 auth: Error: ldap_simple_bind
7001-Jan 06 18:06:47 auth: Error: ldap_sasl_bind
With the option auth_mechanisms = plain login, I can send and receive emails successfully, but when the OTP time expires, you need to re-enter the password + OTP, which is unacceptable to the user.
Looking forward to your reply, Thanks
-- nick(Weihao)
weihao.chen@artisantechnologies.cn
On January 7, 2023 7:44:44 AM GMT+02:00, "weihao.chen@artisantechnologies.cn" weihao.chen@artisantechnologies.cn wrote:
Dear Everybody: May I ask how to configure Dovecot OTP one-time verification login? That is, after the user logs in to the mailbox with the password + OTP, can he send and receive emails without entering the password + OTP again?
<snip/>
With the option auth_mechanisms = plain login, I can send and receive emails successfully, but when the OTP time expires, you need to re-enter the password + OTP, which is unacceptable to the user.
Looking forward to your reply, Thanks
-- nick(Weihao)
weihao.chen@artisantechnologies.cn
The OTP mechanism only works with special OTP passwords. If you want a more generic solution, use PAM with suitable modules. But as you noticed, you'll end up authenticating with OTP all the time.
You should use OAUTH2 instead; unfortunately MUA support is not very good, except for webmail-based solutions.
Aki
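As an added illustration, not part of the thread and not Dovecot's own shipped configuration: the question's setup pairs auth_mechanisms = otp with an LDAP passdb, which is what the "OTP mechanism can't be supported with given passdbs" fatal in the log reports. The fragment below shows the direction Aki suggests instead, an oauth2 passdb offered alongside the plain/login mechanisms, so that clients holding a token are never asked for a password + OTP at connection time while legacy clients still authenticate against LDAP. The identity provider URL, the CA bundle path and the claim name in username_attribute are assumptions that must be replaced with the values of your own provider.

```conf
# /etc/dovecot/conf.d/10-auth.conf  (added example, not from the thread)
disable_plaintext_auth = yes
auth_failure_delay = 5 secs
# Password mechanisms for legacy MUAs plus the two OAuth2 SASL mechanisms.
auth_mechanisms = plain login oauthbearer xoauth2

# Token-based logins: Dovecot validates the bearer token with the provider.
# Restricting this passdb to the OAuth2 mechanisms keeps password logins
# from being routed here.
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}

# Password logins still go to the existing LDAP passdb.
!include auth-ldap.conf.ext

# /etc/dovecot/dovecot-oauth2.conf.ext  (added example; the URL is a placeholder)
introspection_url = https://idp.example.invalid/oauth2/introspect
introspection_mode = post
# Claim in the introspection response that names the mailbox user (assumed: email).
username_attribute = email
# Reject tokens the provider reports as revoked or expired.
active_attribute = active
active_value = true
# Pin the CA bundle so token introspection itself cannot be intercepted.
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
```

With this layout the second factor is enforced once, at the identity provider when the client obtains its token; later IMAP connections present the access token (and the client refreshes it silently), which is the behaviour the original question asks for. The caveat in Aki's reply stands: the MUA must implement XOAUTH2 or OAUTHBEARER for this to work, and a client that does not will fall back to the plain/login path and the LDAP password.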