How to set otp one time password
Dear Everybody: May I ask how to configure dovecot otp one-time verification login, that is, after the user logs in to the mailbox with the password + otp, he can send and receive emails without entering the password + otp again?
# This is my settings:
# /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_cache_size = 10M
auth_failure_delay = 5 secs
auth_ssl_username_from_cert = yes
auth_mechanisms = otp
!include auth-ldap.conf.ext
error logs:
6952-Jan 06 18:03:01 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6953-Jan 06 18:03:02 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6954-Jan 06 18:03:02 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6955:Jan 06 18:03:02 auth: Fatal: OTP mechanism can't be supported with given passdbs
6956-Jan 06 18:03:02 master: Error: service(auth): command startup failed, throttling for 2.000 secs
6957-Jan 06 18:03:02 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<OiDkhZXx7fasHhQz>
6958-Jan 06 18:03:07 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6959-Jan 06 18:03:07 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6960:Jan 06 18:03:07 auth: Fatal: OTP mechanism can't be supported with given passdbs
6961-Jan 06 18:03:07 master: Error: service(auth): command startup failed, throttling for 4.000 secs
6962-Jan 06 18:03:07 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<qgIyhpXx8PasHhQz>
6963-Jan 06 18:03:11 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6964-Jan 06 18:03:11 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6965:Jan 06 18:03:11 auth: Fatal: OTP mechanism can't be supported with given passdbs
6966-Jan 06 18:03:11 master: Error: service(auth): command startup failed, throttling for 8.000 secs
6967-Jan 06 18:03:11 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 3 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=<gDdvhpXx8/asHhQz>
6968-Jan 06 18:03:19 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6969-Jan 06 18:03:19 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6970:Jan 06 18:03:19 auth: Fatal: OTP mechanism can't be supported with given passdbs
6971-Jan 06 18:03:19 master: Error: service(auth): command startup failed, throttling for 16.000 secs
6972-Jan 06 18:03:19 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 8 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=<qp7phpXx9PasHhQz>
6973-Jan 06 18:03:29 imap-login: Info: Disconnected: Connection closed (disconnected before auth was ready, waited 5 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS, session=<N1qAh5Xx/PasHhQz>
6974-Jan 06 18:03:35 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6975-Jan 06 18:03:35 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6976:Jan 06 18:03:35 auth: Fatal: OTP mechanism can't be supported with given passdbs
6977-Jan 06 18:03:35 master: Error: service(auth): command startup failed, throttling for 32.000 secs
6978-Jan 06 18:04:01 master: Warning: Killed with signal 15 (by pid=2692494 uid=0 code=kill)
6979-Jan 06 18:04:02 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6980-Jan 06 18:04:09 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6981-Jan 06 18:04:09 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6982:Jan 06 18:04:09 auth: Fatal: OTP mechanism can't be supported with given passdbs
6983-Jan 06 18:04:09 master: Error: service(auth): command startup failed, throttling for 2.000 secs
6984-Jan 06 18:04:09 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<8VrsiZXxFfesHhQz>
6985-Jan 06 18:04:56 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6986-Jan 06 18:04:56 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6987:Jan 06 18:04:56 auth: Fatal: OTP mechanism can't be supported with given passdbs
6988-Jan 06 18:04:56 master: Error: service(auth): command startup failed, throttling for 4.000 secs
6989-Jan 06 18:05:57 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6990-Jan 06 18:05:57 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6991:Jan 06 18:05:57 auth: Fatal: OTP mechanism can't be supported with given passdbs
6992-Jan 06 18:05:57 master: Error: service(auth): command startup failed, throttling for 8.000 secs
6993-Jan 06 18:06:26 master: Warning: Killed with signal 15 (by pid=2692680 uid=0 code=kill)
6994-Jan 06 18:06:27 log(2692602): Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
6995-Jan 06 18:06:27 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
6996-Jan 06 18:06:47 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
6997-Jan 06 18:06:47 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
6998-Jan 06 18:06:47 auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
6999-Jan 06 18:06:47 auth: Error: ldap_bind
7000-Jan 06 18:06:47 auth: Error: ldap_simple_bind
7001-Jan 06 18:06:47 auth: Error: ldap_sasl_bind
If the option is auth_mechanisms = plain login, I can send and receive emails successfully, but when the otp time expires, you need to re-enter the password + otp, which is unacceptable to the user.
Looking forward to your reply, Thanks
-- nick(Weihao)
weihao.chen@artisantechnologies.cn
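Added example, not part of the original message and not Dovecot code: a small triage script for the kind of log posted above. It groups entries by Dovecot start-up, records the auth service's fatal message and the master process's throttle back-off, and counts clients dropped with "Auth process broken". The function names `triage` and `crash_loops` are hypothetical; the sample lines are an excerpt of the log above with the grep line prefixes removed.

```python
import re

# Excerpt of the log posted above (grep "NNNN-"/"NNNN:" prefixes removed).
SAMPLE = """\
Jan 06 18:03:01 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
Jan 06 18:03:02 auth: Fatal: OTP mechanism can't be supported with given passdbs
Jan 06 18:03:02 master: Error: service(auth): command startup failed, throttling for 2.000 secs
Jan 06 18:03:02 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.30.20.51, lip=172.16.5.111, TLS handshaking, session=<OiDkhZXx7fasHhQz>
Jan 06 18:03:07 auth: Fatal: OTP mechanism can't be supported with given passdbs
Jan 06 18:03:07 master: Error: service(auth): command startup failed, throttling for 4.000 secs
Jan 06 18:03:11 auth: Fatal: OTP mechanism can't be supported with given passdbs
Jan 06 18:03:11 master: Error: service(auth): command startup failed, throttling for 8.000 secs
Jan 06 18:04:02 master: Info: Dovecot v2.3.19.1 (9b53102964) starting up for imap, lmtp (core dumps disabled)
Jan 06 18:04:09 auth: Fatal: OTP mechanism can't be supported with given passdbs
Jan 06 18:04:09 master: Error: service(auth): command startup failed, throttling for 2.000 secs
"""

# Optional grep prefix, then "Mon DD HH:MM:SS process: Level: message".
LINE = re.compile(r"^(?:\d+[-:])?(\w{3} \d\d [\d:]{8}) ([\w()-]+): (\w+): (.*)$")
THROTTLE = re.compile(r"service\(auth\): command startup failed, throttling for ([\d.]+) secs")

def triage(text):
    """Return one summary dict per Dovecot start-up found in the log text."""
    runs, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, proc, level, msg = m.groups()
        if proc == "master" and "starting up" in msg:
            cur = {"started": ts, "fatal": set(), "throttle": [], "clients_dropped": 0}
            runs.append(cur)
        elif cur is None:
            continue  # entries before the first start-up cannot be attributed
        elif proc == "auth" and level == "Fatal":
            cur["fatal"].add(msg)
        elif (t := THROTTLE.search(msg)):
            cur["throttle"].append(float(t.group(1)))
        elif proc == "imap-login" and "Auth process broken" in msg:
            cur["clients_dropped"] += 1
    return runs

def crash_loops(runs, min_failures=2):
    """Start-ups where auth died fatally and was throttled repeatedly."""
    return [r for r in runs if r["fatal"] and len(r["throttle"]) >= min_failures]

if __name__ == "__main__":
    for run in crash_loops(triage(SAMPLE)):
        print(run)
```

A run flagged by `crash_loops` means the auth service never came up under that configuration, so every login during that window failed regardless of the credentials supplied.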
On January 7, 2023 7:44:44 AM GMT+02:00, "weihao.chen@artisantechnologies.cn" <weihao.chen@artisantechnologies.cn> wrote:
Dear Everybody: May I ask how to configure dovecot otp one-time verification login, that is, after the user logs in to the mailbox with the password + otp, he can send and receive emails without entering the password + otp again?
<snip/>
If the option is auth_mechanisms = plain login, I can send and receive emails successfully, but when the otp time expires, you need to re-enter the password + otp, which is unacceptable to the user.
Looking forward to your reply, Thanks
-- nick(Weihao)
weihao.chen@artisantechnologies.cn
The OTP mechanism only works with special otp passwords. If you want a more generic solution, use pam with suitable modules. But as you noticed, you'll end up authenticating with otp all the time.
You should use OAUTH2 instead; unfortunately, MUA support is not very good, except for webmail-based solutions.
Aki
participants (2)
- Aki Tuomi
- weihao.chen@artisantechnologies.cn