2FA for Dovecot

[Kees de Jong]

I did mention OTP for 2FA, and OTP can be indeed Google Authenticator,
the reason I'm not that specific is because the documentation isn't :)

PAM can indeed be used for this, I've read some list conversations
about this [1], [2]. However, as I mentioned in my first post, I'm
interested to know about the internal Dovecot authentication methods.
Since using PAM requires local users and I prefer using the virtual
users inside Dovecot.

There are several OTP authentication mechanisms in the source code [3],
[4], [5]. However, these lack documentation [6]. Therefore, I would
like to explore these builtin authentication methods first.

Is there someone in the Dovecot community that can provide some more
information about this, or the status of these authentication modules?



[1] https://dovecot.org/pipermail/dovecot/2013-March/088844.html
[2] https://dovecot.org/pipermail/dovecot/2007-February/019340.html
[3] https://github.com/dovecot/core/blob/master/src/auth/mech-otp.c
[4] 
https://github.com/dovecot/core/blob/master/src/auth/mech-otp-skey-common.c
[5] 
https://github.com/dovecot/core/blob/master/src/auth/password-scheme-otp.c
[6] 
https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/



On Tue, 2020-01-07 at 05:54 +0200, dovecot-request at dovecot.org wrote:
> You don't say what sort of 2FA you're considering, but wouldn't you
> just tell Dovecot to use PAM, and then extend PAM to use a 2FA
> module. For example there's a Google Auth one available in the second
> link below.
> 
> https://doc.dovecot.org/configuration_manual/authentication/pam/
> https://github.com/google/google-authenticator-libpam
> 
> P. 
> (Not a dovecot expert, although I know a fair amount about Linux)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200107/e0d10a43/attachment.sig>