2FA for Dovecot
Benny Pedersen
me at junc.eu
Tue Jan 7 04:55:38 EET 2020
Plutocrat skrev den 2020-01-07 03:33:
> https://doc.dovecot.org/configuration_manual/authentication/pam/
> https://github.com/google/google-authenticator-libpam
it scales not very well to limit 2fa to only pam users, dovecot support
many other auth backends and imho dovecot should never use 2fa, but it
could and imho should be done in dovecot auth backend if possible to
keep control where it belongs
if 2fa solve week passwords then 2fa is not needed, so keep it simple
:=)
strong passwords is not a solution to leaked passwords, in that case its
could help with 2fa
fun part there is nets that control visa cards auth cant make a policy
that sms verify must be done on every transfer of money, only solution
there is to change to master card and enable geolocation block of all
until one self like to use our own master cards, i dont trust email auth
to be better
More information about the dovecot
mailing list