## How is UV handled in mailcow?

The UV flag (as in "user verification") makes WebAuthn verify the user, for example with a PIN, before the authenticator allows access to the key. We do not enforce UV, so that logins via iOS and NFC (YubiKey) remain possible.

## Login and key processing

mailcow uses **client-side key processing**. We ask the authenticator (e.g. a YubiKey) to save the registration in its memory.

A user does not need to enter a username. The available credentials, if any, are shown to the user when selecting "key login" on the mailcow UI login page.

When the login process is called, the authenticator is not given any credential IDs. This forces it to look up credentials in its own memory.
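
The behaviour described in the two sections above, as an added example that is not mailcow's own code: WebAuthn options that request a discoverable credential and a login without credential IDs, plus the server-side read of the UP/UV flags in `authenticatorData`. The function names, the `rp` name, the `userVerification` value and the sample bytes are assumptions made for illustration.

```javascript
// Added example: not mailcow code. rpId, user and the UV value are assumptions.
const FLAG_UP = 0x01; // user present (touch / tap)
const FLAG_UV = 0x04; // user verified (PIN / biometric)

// Registration: require a discoverable credential so it is stored on the key.
function registrationOptions(challenge, rpId, user) {
  return { publicKey: {
    challenge,
    rp: { id: rpId, name: "example mail UI" },
    user, // { id: Uint8Array, name, displayName }
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    authenticatorSelection: { residentKey: "required", userVerification: "preferred" },
  } };
}

// Login: empty allowCredentials, so the authenticator searches its own storage
// and the server learns the account from response.userHandle afterwards.
function loginOptions(challenge, rpId) {
  return { publicKey: { challenge, rpId, allowCredentials: [], userVerification: "preferred" } };
}

// Server side: read the flags byte of authenticatorData
// (32-byte rpIdHash | 1-byte flags | 4-byte big-endian signCount).
function checkAuthenticatorFlags(authData, requireUV = false) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new RangeError("authenticatorData must be at least 37 bytes");
  }
  const flags = authData[32];
  const userPresent = (flags & FLAG_UP) !== 0;
  const userVerified = (flags & FLAG_UV) !== 0;
  const signCount = new DataView(authData.buffer, authData.byteOffset + 33, 4).getUint32(0);
  // UV not enforced: presence is enough. UV enforced: the UV bit must be set too.
  return { userPresent, userVerified, signCount,
           accepted: userPresent && (userVerified || !requireUV) };
}

// Constructed sample: zeroed rpIdHash placeholder, chosen flags and counter.
function sampleAuthData(flags, counter) {
  const data = new Uint8Array(37);
  data[32] = flags;
  new DataView(data.buffer).setUint32(33, counter);
  return data;
}

const nfcTap = checkAuthenticatorFlags(sampleAuthData(FLAG_UP, 5));
console.log(nfcTap); // touch-only assertion, UV not enforced
console.log(checkAuthenticatorFlags(sampleAuthData(FLAG_UP, 5), true).accepted);
```

In a browser the two option objects are passed to `navigator.credentials.create()` and `navigator.credentials.get()`; the flag check runs alongside the usual challenge, origin, rpIdHash and signature verification.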
## Who can use WebAuthn to login to mailcow?
As of today, only administrators and domain administrators are able to set up WebAuthn/FIDO2.

---

**You want to use WebAuthn/FIDO as 2FA? Check it out here: [Two-Factor Authentication](https://mailcow.github.io/mailcow-dockerized-docs/u_e-mailcow_ui-tfa/)**