[Dovecot] Disable IMAP for ONE user only

SIW bov at bsdpanic.com
Tue May 6 07:26:54 UTC 2014


I haven't considered Yubikey but I was considering this:

http://www.s-crib.com/

I'm not sure if these USB virtual keyboards are the best option as some 
internet cafes won't let you plug in USB devices or you don't have the 
rights to install it (I know they say it doesn't require drivers but 
some machines are locked down good)

From what I have read it sounds like I need to have two passwords for 
one login...one for Roundcube (with OTP) and one for IMAP access. I 
think the key to this is to ONLY allow the IMAP password to be used with 
IMAP and for the Roundcube password (with OTP) to ONLY have access to 
Roundcube. That way if the Roundcube password gets recorded/keylogged 
then they can't use it with IMAP. Is this possible? (ie: bind/enforce a 
particular password to one type of service)

Another option, is it possible to have my main account and use it with 
IMAP but have a SECOND set of login credentials that I only use for 
Roundcube but can access my mailbox of the other account?

I'm still battling with this!


On 06/05/2014 00:06, Professa Dementia wrote:
> On 5/5/2014 3:30 PM, Benjamin Podszun wrote:
>> On Monday, May 5, 2014 11:49:52 PM CEST, SIW wrote:
>>> I'm beginning to wonder if I am going about this all wrong :-)
>> No offense: I'm thinking the same thing. ;-)
>>
>>> Would it not be easier/better to leave all IMAP/SMTP access in place
>>> (for all users) and then just use "one time throw away passwords" for
>>> logging in from an internet cafe with Roundcube?
> Have you considered Yubikey?
>
> https://www.yubico.com/products/yubikey-hardware/yubikey/
>
> The USB device looks like a keyboard when plugged in.  Plug it in, type
> in your login, highlight the password field, then press the button on
> the Yubikey.  It "types" in the OTP.  Click the login button.
>
> It runs on many OS's, including Linux where it interfaces with PAM.  A
> simple PAM config change installs it.
>
> https://www.yubico.com/applications/computer-login/linux/
>
> You can even (and I do recommend that you) use it with two factor, so
> you enter a normal password, plus the OTP (something that you know, plus
> something that you have).  This would take a small change to Roundcube,
> which is beyond scope for this list.
>
>
> Dem


