Milo Oostergo's projects:
This project extends the Zarafa WebAccess with a two factor authentication based on Yubikey
The Zarafa Yubikey integration will extend the Zarafa WebAccess with two factor authentication.
Next to the default username and password authentication, a OTP (One Time Password) generated on the Yubikey is checked against the Yubikey authentication servers.
In order to use Yubikey integration for Zarafa, please make sure:
To have a two factor authentication in the Zarafa WebAccess the login screen will be extended, see screenshot below.
To enable the Yubikey Zarafa integration use the following steps:
The get_publicid.php script will search in the LDAP directory for the publicid of the Yubikey and checks if the user who logs in with Yubikey matches also the username in LDAP with the used Yubikey public id. The script has to be modified with the correct ldap host, search base, bind user, username attribute and attribute where the Yubikey publicid is located.
Example LDIF file
dn: uid=john,ou=People,dc=example,dc=com objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: zarafa-user uid: johnuidNumber: 1000 gidNumber: 1000 homeDirectory: /home/john mail: email@example.com cn: John Doe carLicense: vvrrkdhjhbaa <<<<<< this is the public yubikey id
Request an API key for the Yubikey authentication servers on https://upgrade.yubico.com/getapikey/
Now you are ready to test it!