[Users] Zeta Alliance 2019 crowdfunding ideas

Victor d'Agostino d.agostino.victor at gmail.com
Tue Jan 15 09:53:07 CET 2019 

I'm on vacation and without access to documents but the principe is very
simple.

There is a first vm with nginx doing a reverse proxy if otp auth is good.
On a second vm there is the LinOTP server which manage users (ldap) and
tokens. The first vm call the LinOTP web API using a php page and set a
session cookie if otp auth succeded.

Check https://webmail.fiducial.fr


Le mar. 15 janv. 2019 à 15:43, Info Zeta Alliance <info at zetalliance.org> a
écrit :

> Can you share the tech details as well?? Perhaps and wiki document or so?
>
> ------------------------------
> *From: *"Victor d'Agostino" <d.agostino.victor at gmail.com>
> *To: *"info" <info at zetalliance.org>
> *Cc: *users at lists.zetalliance.org
> *Sent: *Tuesday, 15 January, 2019 09:39:53
> *Subject: *Re: [Users] Zeta Alliance 2019 crowdfunding ideas
>
> Hi guys
>
> Otp is not mandatory on a smartphone. The pin code is the 2FA and there is
> a local cache so no security.
>
> 2FA is only useful for webmail access.
>
> Imap clients make local cache so 2FA is useless too.
>
> In my company for Internet access we use LinOTP in front of the Zimbra
> webmail and it was very well welcomed by executives.
>
> Regards
> Victor
>
> Le mar. 15 janv. 2019 à 15:32, Info Zeta Alliance <info at zetalliance.org>
> a écrit :
>
>> Well, one needs to start somewhere... and there can be multiple
>> ways to authenticate.
>>
>> So the web-interface could be 2FA using an OTP code, and
>> Z-push could use something else.
>>
>> I never had much luck with Z-push and account shares, and also
>> it ate a lot of resources when deployed to any server with >100
>> users.
>>
>>
>>
>> ----- Original Message -----
>> From: "Ludo Gorzeman" <ludo at nomennesc.io>
>> To: "users" <users at lists.zetalliance.org>
>> Sent: Tuesday, 15 January, 2019 09:25:13
>> Subject: Re: [Users] Zeta Alliance 2019 crowdfunding ideas
>>
>> On Tue, Jan 15, 2019 at 09:00:08AM +0100, Barry de Graaff wrote:
>> > If Active Sync has OTP capability (I doubt it)
>>
>> No, it doesn't, but AS does support client certificates, which would be
>> a cool workaround for not being able to use password/otp-based auth.
>>
>>
>> > that would need to be implemented in Z-push.
>>
>> Afaik client certs are unsupported in z-push (and zextras, for that
>> matter), so indeed that would need to be implemented.
>>
>>
>> > Anyone still using Z-push? Why?
>>
>> Yes, because freedom ;-) and being a cheapskate, providing free e-mail
>> on a community server is not a "business model" that easily affords
>> license subscriptions.
>>
>> Cheers,
>>
>> Ludo
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20190115/84eba3a6/attachment.html>

More information about the Users mailing list