I found these: https://github.com/moriyoshi/cyrus-sasl-xoauth2 https://tools.ietf.org/id/draft-mills-kitten-sasl-oauth-02.html https://kanarip.wordpress.com/2015/10/18/kolab-sso-and-second-factors/ Gabriele Sonicle S.r.l. : http://www.sonicle.com Music: http://www.gabrielebulfon.com eXoplanets : https://gabrielebulfon.bandcamp.com/album/exoplanets
Da: [email protected] A: Info <[email protected]> Data: 18 gennaio 2021 10.52.54 CET Oggetto: Re: two factor auth Hi, X509/client-certificates actually work very well, I've been using it for quite some time. I guess the client-certificate provisioning is a bit hard for users. I myself was curious about a mechanism via XOAUTH2 authentication that some big players support; (I presume) it means you authenticate once via a web page (option for 2nd factor) and use a bearer token to authenticate from that moment on. I don't think Cyrus SASL supports XOAUTH2 yet; I noticed Dovecot does and was thinking about the option to use Dovecot as a proxy with XOAUTH2 authentication and use authorization (from the admin user) to Cyrus (or try the mechanism in Dovecot first for that matter). I guess there are more clients that support x509 compared to XOAUTH2 though, but you can have users enable less safe mechanisms explicitly perhaps, and support multiple mechanisms. Paul Cyrus / Info / see discussions + participants + delivery options Permalink ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T0cce10bfd349100c-M1f124ca2c335aa292c6a331f Delivery options: https://cyrus.topicbox.com/groups/info/subscription
