Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: iltasu on October 12, 2008, 07:44:57 PM

Title: Email Authenticate via a key file and not password
Post by: iltasu on October 12, 2008, 07:44:57 PM

Hello,
I wonder if there's a way to have the authentication of the users of the email services (imap and smtp) done via some sort of key file stored on the client's computer, instead of letting everyone that knows the password of a user to log in. This way I'll be more than happy to give some of my clients the ability to use SMTP outside the lan, they don't have to remember arcane passwords, the key will be sufficiently hard to guess (128 or 256 bit... ^_^) ;-)

Thanks for the answers.

Gabriele

Title: Re: Email Authenticate via a key file and not password
Post by: cactus on October 12, 2008, 10:38:57 PM

Quote from: iltasu on October 12, 2008, 07:44:57 PM

Hello,
I wonder if there's a way to have the authentication of the users of the email services (imap and smtp) done via some sort of key file stored on the client's computer, instead of letting everyone that knows the password of a user to log in. This way I'll be more than happy to give some of my clients the ability to use SMTP outside the lan, they don't have to remember arcane passwords, the key will be sufficiently hard to guess (128 or 256 bit... ^_^) ;-)

Thanks for the answers.

Gabriele

You could consider VPN using a certificate (all users logged in from outside are considered as local to the server and traffic is obscured). I use this http://sme.firewall-services.com/spip.php?rubrique3 .

Title: Re: Email Authenticate via a key file and not password
Post by: iltasu on October 13, 2008, 04:42:31 PM

Hello! ^_^ Thank you for the answer, well, I use OpenVPN in all the servers, actually, both for remote management and remote access to network shares, printers, emails.. but some of them need to access emails from outside via their handhelds (a mix of iphones, PPC, Palms...), and the openvpn client is not developed for all those platforms.

Title: Re: Email Authenticate via a key file and not password
Post by: CharlieBrady on October 14, 2008, 06:48:44 PM

Quote from: iltasu on October 12, 2008, 07:44:57 PM

I wonder if there's a way to have the authentication of the users of the email services (imap and smtp) done via some sort of key file stored on the client's computer, instead of letting everyone that knows the password of a user to log in.

SME server doesn't have any such capability.

Title: Re: Email Authenticate via a key file and not password
Post by: Stefano on October 14, 2008, 06:54:35 PM

Quote from: CharlieBrady on October 14, 2008, 06:48:44 PM

SME server doesn't have any such capability.

but it could be very intersting.. any hint to start searching?

TIA

Ciao
Stefano

Title: Re: Email Authenticate via a key file and not password
Post by: warren on October 14, 2008, 07:50:58 PM

Quote

instead of letting everyone that knows the password of a user to log in

Its hard    :evil:, but users need to be educated   :hammer:  :hammer:, sharing of passwords is a no go ( would they be
as willing to share their bank pin numbers ? )

Quote

done via some sort of key file stored on the client's computer

If they are breaking the first rule ( ie letting others know  their passwords ), then
whats stopping them letting others have access to the key files ?