Archive for June, 2014

Posted by keith.wirch at June 28, 2014

Category: Email, Linux, Servers

Some of you may know I made my own email server.  I’ll not explain why yet (maybe in another blog post).  But it involves the decisions of certain government agency overreaching it bounds!  Not gonna go into that right now.

I use roundcube to have webmail access.  Having webmail just makes me uneasy because while it is convenient, it is also is a huge security risk.  So I started using two factor authentication.  I found a tutorial in a series that Arstechnica had up and I’m taking what I learned from them and applying it here.  This two-factor authentication is done by using a plugin for Roundcube called twofactor_gauthenticator.  I don’t really get why it says it uses Google Authentication when it really just uses RFC 6238 for TOTP (Time-Based One-time Passwords).  Which is really all that the Google Authenticator does I believe.  Maybe google came up with the RFC?  I dunno.  But it doesn’t really matter.  This plugin works with any application that uses RFC 6238 including the Windows Phone apps, which is what I use.

Now on to what you likely used a search engine to get here for.

This plugin will require php-soap according to the documentation.  It’s quite easy to get on Debian by using apt-get php-soap.  You Red Hat folks can probably use yum.

First you will need to login to linux server and navigate to your roundcube plugin location.  On debian servers, it is /usr/share/<your web server>/roundcube<version number>/plugins.

Then “git” the plugin.  You’ll need git in order to do this.  apt-get install git will grab it.  Then run this command.

git clone https://github.com/alexandregz/twofactor_gauthenticator.git

Make sure you have permissons to write to this folder. And do an ls -l to make sure that the permissions to twofactor_gauthenticator match the rest of your plugin folders in this directory. lastly, go back to roundcube install folder (/usr/share/<your web server>/roundcube<version number>) and drop into the config folder. Open your main config file for editing and add twofactor_gauthenticator to the last line mentioning your plugins.

It should look something like this:
$config[‘plugins’] = array(‘plugin1’, ‘plugin2’, ‘twofactor_gauthenticator’);

Then just restart your web service. That’ll restart php and the like. Now login to roundcube and goto your settings. You should see “2steps Google Verification” like you see below.

Generate a secret and for the love of pete, set a recovery code. If you loose your phone or key somehow you are suck! So stuck!. Once you get your phone app setup, be sure to check your code at the bottom to make sure that it works. Once you hit save, login again and roundcube will ask for your new code. Enjoy the peice of mind my friends!