Kolab with 2FA privacyidea

Jochen Kellner jochen at jochen.org
Sun Oct 9 21:59:14 CEST 2022


Henning <laclaro at mail.com> writes:

> that's a great hint - I guess you redirect the API endpoint to have
> privacyidea deal with the request like described here:
> https://privacyidea.readthedocs.io/en/v3.5.2/tokens/tokentypes/yubikey.html#redirect-api-url-to-privacyideas-ttype-yubikey?

Yes. This is my (redacted) configuration in
/etc/roundcubemail/kolab_2fa.inc.php:

// configuration parameters for Yubikey (uncomment to adjust)
$config['kolab_2fa_yubikey'] = array(
    'clientid' => '12345',
    'apikey' => '<redacted>',
    'hosts'  => array('privacyidea.example.org'),
    'use_https' => true,  // connect via https if set to true
);

> Is there any general way to connect kolab/roundcube to privacyidea to
> keep the token-management in IT-hands?

I don't know a better way. For web applications something like keycloak
might be useful, but I've not seen SAML for roundcube...
I've also tried to get Kerberos working, but failed. Right now most of
my users don't use 2FA :-(

Jochen

-- 
This space is intentionally left blank.


More information about the users mailing list