OTP for RoundCube
I'm trying to do something that may not make a whole lot of sense, but bear
with me. My current setup includes courier-imap (and courier-imap-ssl)
using /etc/courier/userdb for authentication and apache2 (with a valid SSL
cert). I've installed RoundCube and gotten it working nicely with apache,
but I'd like to be able to authenticate with one-time passwords as well as
a normal password. (I sometimes want to log in from systems I don't trust
to type in a replayable password, but it usually isn't an issue.) I want to
avoid being forced to use OTP exclusively. If I have to set up separate
accounts where one exclusively requires OTP and the other exclusively
requires a normal password, that's fine. It's also fine if the OTP sequence
is unrelated to the normal password set for the account.
I did some Googling and it seems to be theoretically possible to use the
http_authentication plugin from the roundcube-plugins package (thank you
backports) in conjunction with the libapache2-mod-authn-sasl Apache module
to get one-time password support. I haven't been able to figure out how to
get that working, however. First off, I can't figure out how to configure
OTP for SASL. Second, RoundCube doesn't seem to be picking up the
username and password from the HTTP auth. I've reached the end of the
resources I could find by Googling, so I'm hoping someone can enlighten me.
Help?
--Greg
P.S. I don't care what variety of OTP it is. Opie, something else, it
doesn't matter to me. I'm planning on printing out a sequence of
passwords, so I don't need a generator anywhere but on the server
itself.
Reply to: