One-Time-Passwords for Horde/IMP?

I am looking for a way to use one-time passwords for Horde/IMP on FreeBSD. I do not want to use PAM (local users on the machine). Currently I use authentication via IMAP4 (link between the IMAP4 server and postfix via MySQL, to have the same PW for sending and receiving), and I expect that not all users of Horde/IMP will use OTP if available, so the problem case is not that easy. I can imagine a solution which tries to authenticate via OTP first, and if it succeeds gets a password for the login to the IMAP4 server. If the OTP auth fails, it could try the entered password for the login to the IMAP4 server. Migrating existing users to a new solution can be done by telling them to enter the password from the machine of the person doing the migration. The solution needs to log in to the IMAP4 server automatically; entering a password for the IMAP4 server after the OTP login to Horde is not an option.

Oh, yes, sending the passwords over SSL is not an option (that is already the only way to log in there). The goals are to have

  • an easy-to-remember password for an OTP app on the mobile to generate the real password
  • the password expires fast, so that a stolen password does not cause much harm
  • not the same login password for different services (mail-pw != jabber-pw != user-pw)
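
The OTP-first, password-second login flow described in this post, as an added sketch (not code from the post's author or from Horde/IMP). It uses a simplified Lamport hash chain in the style of RFC 2289 with SHA-256, not that RFC's exact 64-bit folding and word encoding; `OtpStore`, `login`, `fake_imap_login` and the sample accounts are hypothetical names and constructed data.

```python
import hashlib
import hmac

def chain(passphrase, seed, n):
    """Lamport hash chain: SHA-256 applied n extra times to seed+passphrase."""
    value = hashlib.sha256((seed + passphrase).encode()).digest()
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class OtpStore:
    """Hypothetical per-user OTP state; a user without a record is not enrolled."""
    def __init__(self):
        self.users = {}

    def enroll(self, user, passphrase, seed, count, imap_pw):
        # imap_pw must be recoverable to log in to IMAP on the user's behalf,
        # so in a real deployment this record needs encryption at rest.
        self.users[user] = {"last": chain(passphrase, seed, count),
                            "seq": count, "imap_pw": imap_pw}

    def verify(self, user, otp_hex):
        """Return the stored IMAP password if otp_hex is the next OTP, else None."""
        rec = self.users.get(user)
        if rec is None or rec["seq"] <= 0:
            return None
        try:
            otp = bytes.fromhex(otp_hex)
        except ValueError:
            return None  # not hex, so it is treated as an ordinary password
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), rec["last"]):
            return None
        rec["last"], rec["seq"] = otp, rec["seq"] - 1  # consumed: a replay fails
        return rec["imap_pw"]

def login(user, secret, store, imap_login):
    """Try OTP first; otherwise hand the entered secret to IMAP unchanged."""
    imap_pw = store.verify(user, secret)
    if imap_pw is not None:
        return "otp", imap_login(user, imap_pw)
    return "password", imap_login(user, secret)

# Constructed stand-in for the IMAP4 server's own password check.
IMAP_ACCOUNTS = {"alice": "Zq8-random-broker-only", "bob": "bobs-static-pw"}

def fake_imap_login(user, password):
    stored = IMAP_ACCOUNTS.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())
```

Because the password path stays open for every account, OTP only protects an enrolled user if that user's IMAP password is a random value the user never types, which this sketch assumes.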

One-Time-Passwords for XMPP/Jabber?

I am looking for a way to use one-time passwords for jabber/XMPP (ejabberd) on FreeBSD. I do not want to use PAM (local users on the machine). Currently I use the internal authentication, and I expect that not all users of the jabber server will use OTP if available, so the problem case is not that easy (migrating existing users to a new solution can be done by changing the password myself and then telling them to change their password, but there needs to be a way to let them change the non-OTP password).

I assume that OTP is not foreseen in the XMPP protocol, so where could I ask to have something like that considered as an extension (if such a place exists at all)?

Oh, yes, sending the passwords over SSL is not an option (that is already the only way to log in there). The goals are to have

  • an easy-to-remember password for an OTP app on the mobile to generate the real password
  • the password expires fast, so that a stolen password does not cause much harm
  • not the same login password for different services (mail-pw != jabber-pw != user-pw)

Some more WP plugins

In addition to the WP plugins I already talked about, I have installed some more since then:

  • aLinks: automatic link generation based upon rules/modules/keywords
  • All in one SEO Pack: Search Engine Optimization, e.g. automatic meta tag generation and more
  • Global Translator: automatic machine translation of your posts into other languages (see the country flags in the sidebar)
  • Google XML Sitemaps: automatically generates a sitemap and announces the update (after a post) to several search engines
  • http:BL WordPress plugin: checks visitors against the Project Honey Pot blacklist (email harvesting) and rejects access
  • InfoLink: adds a button to look up marked text in the editor and link the markup to the first result if desired
  • One-Time Password: allows using one-time passwords (RFC 2289) for the WP login
  • Smartlinker: another button for the editor regarding automatic linking (gives other automatic links than the other automatic linking plugins)
  • Update Notifier: sends me a mail when there is an update for WP
  • WP-Print: printer-friendly page of the posting (see the link below the title of this post); I had to patch it to not print the links from the WP AJAX Edit Comments plugin
  • WP AJAX Edit Comments: provides an AJAX edit interface for comments