move webauthn/fido2
Parent
be3d3acbb6
Commit
107c39f1ef
3 changed files with 16 additions and 29 deletions
|
@ -1,28 +0,0 @@
|
|||
# Fully supported hashing methods
|
||||
|
||||
The most current mailcow fully supports the following hashing methods.
|
||||
The default hashing method is written in bold:
|
||||
|
||||
- **BLF-CRYPT**
|
||||
- SSHA256
|
||||
- SSHA512
|
||||
|
||||
The methods above can be used in `mailcow.conf` as `MAILCOW_PASS_SCHEME` value.
|
||||
|
||||
## Read-only hashing methods
|
||||
|
||||
The following methods are supported **read only**.
|
||||
|
||||
- MD5-CRYPT
|
||||
- PLAIN-MD5
|
||||
- SHA512-CRYPT
|
||||
|
||||
That means mailcow is able to verify users with a hash like `{PLAIN-MD5}1a1dc91c907325c69271ddf0c944bc72` from the database.
|
||||
|
||||
The value of `MAILCOW_PASS_SCHEME` will _always_ be used to encrypt new passwords.
|
||||
|
||||
---
|
||||
|
||||
> I changed the password hashes in the "mailbox" SQL table and cannot login.
|
||||
|
||||
A "view" needs to be updated. You can trigger this by restarting sogo-mailcow: `docker-compose restart sogo-mailcow`
|
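Review bot: The text deleted in this first hunk is the password hashing page (`MAILCOW_PASS_SCHEME`, the read-only `MD5-CRYPT` / `PLAIN-MD5` / `SHA512-CRYPT` list), not WebAuthn content, although the commit is titled "move webauthn/fido2" and the nav hunk further down still keeps `- 'Password hashing': 'model-passwd.md'`. Please confirm which file this deletion applies to. If it is `model-passwd.md`, the nav entry is left pointing at a missing page and the hashing documentation is lost; if it is the old FIDO2 page, note in the commit message that the new `docs/u_e-fido2.md` replaces different text rather than moving it.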
15
docs/u_e-fido2.md
Normal file
|
@ -0,0 +1,15 @@
|
|||
## How is UV handled in mailcow?
|
||||
|
||||
The UV flag (as in "user verification") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey).
|
||||
|
||||
## Login and key processing
|
||||
|
||||
mailcow uses **client-side key processing**. We ask the authenticator (i.e. YubiKey) to save the registration in its memory.
|
||||
|
||||
A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the "key login" via mailcow UI login.
|
||||
|
||||
When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory.
|
||||
|
||||
## Who can use WebAuthn to login to mailcow?
|
||||
|
||||
As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2.
|
|
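Review bot: The "How is UV handled in mailcow?" and "Login and key processing" sections together mean that, with UV not enforced and no username entered, possession of the authenticator alone completes a login, and the last section says the accounts concerned are administrators and domain administrators; the page should state that consequence explicitly instead of leaving it to be inferred. It would also help to name "client-side key processing" by its WebAuthn term (resident key / discoverable credential) so readers can look it up. Wording nits: "i.e. YubiKey" should be "e.g. a YubiKey", "lookup credentials" should be "look up credentials", and "setup WebAuthn/FIDO2" should be "set up WebAuthn/FIDO2".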
@ -44,7 +44,6 @@ nav:
|
|||
- 'ACL': 'model-acl.md'
|
||||
- 'Password hashing': 'model-passwd.md'
|
||||
- 'Sender and receiver model': 'model-sender_rcv.md'
|
||||
- 'WebAuthn / FIDO2': 'model-fido2.md'
|
||||
- 'Debugging & Troubleshooting':
|
||||
- 'Introduction': debug.md
|
||||
- 'Logs': 'debug-logs.md'
|
||||
|
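Review bot: Dropping the `'WebAuthn / FIDO2': 'model-fido2.md'` entry from this nav block changes the page's URL, and nothing in the visible changes leaves a redirect or stub at the old path. If existing links point at `model-fido2.md`, consider keeping a short stub page there that links to `u_e-fido2.md`.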
@ -70,6 +69,7 @@ nav:
|
|||
- 'Temporary email aliases': 'u_e-mailcow_ui-spamalias.md'
|
||||
- 'Tagging': 'u_e-mailcow_ui-tagging.md'
|
||||
- 'Two-Factor Authentication': 'u_e-mailcow_ui-tfa.md'
|
||||
- 'WebAuthn / FIDO2': 'u_e-fido2.md'
|
||||
- 'Postfix':
|
||||
- 'Custom transport maps': 'u_e-postfix-custom_transport.md'
|
||||
- 'Whitelist IP in Postscreen': 'u_e-postfix-postscreen_whitelist.md'
|
||||
|
|
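Review bot: The new entry `'WebAuthn / FIDO2': 'u_e-fido2.md'` sits beside `u_e-mailcow_ui-spamalias.md`, `u_e-mailcow_ui-tagging.md` and `u_e-mailcow_ui-tfa.md` but does not follow their `u_e-mailcow_ui-` file prefix. If the page belongs in this group, name it `u_e-mailcow_ui-fido2.md`; otherwise consider giving it its own nav group.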