One-Time-Passwords for Horde/IMP?

I am looking for a way to use one-time passwords for Horde/IMP on FreeBSD. I do not want to use PAM (local users on the machine). Currently I use authentication via IMAP4 (link between the IMAP4 server and postfix via MySQL, to have the same PW for sending and receiving), and I expect that not all users of Horde/IMP will use OTP if available, so the problem case is not that easy. I can imagine a solution which tries to authenticate via OTP first, and if it succeeds gets a password for the login to the IMAP4 server. If the OTP auth fails, it could try the entered password for the login to the IMAP4 server. Migrating existing users to a new solution can be done by telling them to enter the password from the machine of the person doing the migration. The solution needs to log in to the IMAP4 server automatically; entering a password for the IMAP4 server after the OTP login to Horde is not an option.

Oh, yes, sending the passwords over SSL is not an option (that is already the only way to log in there). The goals are to have

  • an easy to remember password for an OTP app on the mobile to generate the real password
  • a password that expires fast, so that a stolen password does not cause much harm
  • not the same login password for different services (mail-pw != jabber-pw != user-pw)
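
The login flow described above (try the OTP first, then fall back to the entered password against the IMAP4 server), as an added example that is not part of the original post or of Horde/IMP. It assumes RFC 6238 TOTP as the OTP scheme; the class name `OtpFrontend`, the `imap_login` callback and the user data are hypothetical.

```python
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1); an assumed stand-in for the OTP scheme."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpFrontend:
    """Hypothetical login step placed in front of the IMAP4 authentication."""

    def __init__(self, otp_users, imap_login):
        # otp_users: user -> (otp_secret, stored_imap_password)
        self.otp_users = otp_users
        self.imap_login = imap_login   # callable(user, password) -> bool
        self.last_counter = {}         # user -> last accepted time step

    def login(self, user, entered, now=None, step=30):
        now = time.time() if now is None else now
        enrolled = self.otp_users.get(user)
        if enrolled is not None:
            secret, imap_password = enrolled
            current = int(now // step)
            # Accept the current and the previous step to tolerate clock drift.
            for counter in (current, current - 1):
                if counter <= self.last_counter.get(user, -1):
                    continue           # step already used: reject the replay
                expected = totp(secret, counter * step, step)
                if hmac.compare_digest(expected.encode(), entered.encode()):
                    self.last_counter[user] = counter
                    # OTP accepted: log in to IMAP with the stored password.
                    return self.imap_login(user, imap_password)
        # Not enrolled, or OTP did not match: try the entry as IMAP password.
        return self.imap_login(user, entered)
```

Because the fallback still accepts whatever the IMAP4 server accepts, the stored IMAP password of an OTP user should be a random value the user never types; otherwise the static password keeps working alongside the OTP.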
