[Users] Agenda for this week's Thursday [Today] conference call is available for editing

David Sommerseth dazo at eurephia.org
Thu Jan 5 20:09:53 CET 2017 

On 05/01/17 15:22, Adam Cody wrote:
> Zeta Alliance Thursday conference call agenda is available for editing at :
> 
> https://docs.google.com/document/d/1N28L1z1sn4Wg-DfuU_Uv_PPE7S6X7ZD-ans0xxSbPJk/edit?usp=sharing
> 
> https://www.freeconferencecall.com/wall/zetalliance#/
> Thursday at:
> * 20:00 Amsterdam/Milan|Central European Time
> * 14:00 Detroit/Ne/w York|Eastern Time
> * 11:00 Los Angeles|Pacific Time
> You can confirm your local time using:
> * http://www.timeanddate.com
> 
> You can download the appointment from the wall page above. Once imported
> into Zimbra/ZWC , remember to modify it so it's a re-occurring appointment.

Hi all,

Sorry it's been quiet from me in a long while.  I've just had my plate
full within the OpenVPN Community since last autumn.  Unfortunately,
these meetings are on a time slot which is a bit hard for me to manage -
but I'm not ranting nor going to rant about that!

I quickly looked at the agenda and spotted a topic I have some interest
in:  Zimbra FOSS 2FA.

I might have mentioned it earlier, but I should have a very simple
Python Flask based proof-of-concept working for the webmail side only,
using the preauth approach [1].  It actually combined LDAP
authentication with OTP tokens and was tested using the FreeOTP Android
app.  This effort needs to be rewritten, but I do have experience here
to be able to contribute somehow.  Unfortunately, my schedule is fairly
full ... but please invite me at least to discussions on this topic, and
I'll do my best to help out.

The reason for only basing this on the web interface was also that
having to enter a new token each time an IMAP or SMTP client needs to
authenticate will be tedious for users in the long run.  The PreAuth
approach fits quite well into the use case for the webmail part.

Of course it would be beneficial to have OTP on the IMAP/SMTP clients
too.  But I honestly think Kerberos with OTP will give a far better user
experience in the end.  Users log into their computers using OTP tokens,
gets a kerberos ticket and IMAP/SMTP should just work.  And that is
almost the case (at least on RHEL), the only challenge here is Postfix
and if the IMAP connections goes via an nginx proxy.  That is already
discussed and tracked in Zimbra bugzillas.

[1] <https://wiki.zimbra.com/wiki/Preauth>


I also spotted that Barry is willing to give some git training.  If he
is too busy, I can also help out with such things too.


And as an ex-Red Hatter ... Red Hat is spelled like "Red Hat", not
redhat, RedHat or anything like that (and yes, I fixed it in the agenda
;-) )  Btw cool with the Zimbra/openshift/ansible stuff!  Hope it gets
approved.


-- 
kind regards,

David Sommerseth


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20170105/625d2b43/attachment.sig>

More information about the Users mailing list