mailcow-dockerized-docs/u_e-mailcow_ui-tfa/index.html

2054 Zeilen
Kein EOL
46 KiB
HTML

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="canonical" href="https://mailcow.github.io/mailcow-dockerized-docs/u_e-mailcow_ui-tfa/">
<link rel="icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-7.1.5">
<title>Two-Factor Authentication - mailcow: dockerized documentation</title>
<link rel="stylesheet" href="../assets/stylesheets/main.bde7dde4.min.css">
<link rel="stylesheet" href="../assets/stylesheets/palette.ef6f36e2.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>:root{--md-text-font-family:"Roboto";--md-code-font-family:"Roboto Mono"}</style>
<link rel="stylesheet" href="../extra.css">
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<script>function __prefix(e){return new URL("..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#yubi-otp" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href=".." title="mailcow: dockerized documentation" class="md-header__button md-logo" aria-label="mailcow: dockerized documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
mailcow: dockerized documentation
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Two-Factor Authentication
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/mailcow/mailcow-dockerized/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
mailcow/mailcow-dockerized
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href=".." title="mailcow: dockerized documentation" class="md-nav__button md-logo" aria-label="mailcow: dockerized documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
</a>
mailcow: dockerized documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/mailcow/mailcow-dockerized/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
mailcow/mailcow-dockerized
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." class="md-nav__link">
Information & Support
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_2" type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2">
Prerequisites
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Prerequisites" data-md-level="1">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Prerequisites
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../prerequisite-system/" class="md-nav__link">
Prepare your system
</a>
</li>
<li class="md-nav__item">
<a href="../prerequisite-dns/" class="md-nav__link">
DNS setup
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3">
Installation, Update & Migration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Installation, Update & Migration" data-md-level="1">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Installation, Update & Migration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../i_u_m_install/" class="md-nav__link">
Installation
</a>
</li>
<li class="md-nav__item">
<a href="../i_u_m_update/" class="md-nav__link">
Update
</a>
</li>
<li class="md-nav__item">
<a href="../i_u_m_migration/" class="md-nav__link">
Migration
</a>
</li>
<li class="md-nav__item">
<a href="../i_u_m_deinstall/" class="md-nav__link">
Deinstallation
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4">
Post Installation Tasks
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Post Installation Tasks" data-md-level="1">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Post Installation Tasks
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../firststeps-ssl/" class="md-nav__link">
Advanced SSL
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-disable_ipv6/" class="md-nav__link">
Disable IPv6
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-ip_bindings/" class="md-nav__link">
IP bindings
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-local_mta/" class="md-nav__link">
Local MTA on Docker host
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-logging/" class="md-nav__link">
Logging
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-relayhost/" class="md-nav__link">
Relayhosts
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-rp/" class="md-nav__link">
Reverse Proxy
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-rspamd_ui/" class="md-nav__link">
Rspamd UI
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-snat/" class="md-nav__link">
SNAT
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-sync_jobs_migration/" class="md-nav__link">
Sync job migration
</a>
</li>
<li class="md-nav__item">
<a href="../firststeps-trust_networks/" class="md-nav__link">
Add trusted networks
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_5" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5">
Models
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Models" data-md-level="1">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Models
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../model-acl/" class="md-nav__link">
ACL
</a>
</li>
<li class="md-nav__item">
<a href="../model-passwd/" class="md-nav__link">
Password hashing
</a>
</li>
<li class="md-nav__item">
<a href="../model-sender_rcv/" class="md-nav__link">
Sender and receiver model
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6">
General Troubleshooting
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="General Troubleshooting" data-md-level="1">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
General Troubleshooting
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../debug/" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="../debug-logs/" class="md-nav__link">
Logs
</a>
</li>
<li class="md-nav__item">
<a href="../debug-attach_service/" class="md-nav__link">
Attach a Container
</a>
</li>
<li class="md-nav__item">
<a href="../debug-reset_pw/" class="md-nav__link">
Reset Passwords (incl. SQL)
</a>
</li>
<li class="md-nav__item">
<a href="../debug-mysql_upgrade/" class="md-nav__link">
Manual MySQL upgrade
</a>
</li>
<li class="md-nav__item">
<a href="../debug-rm_volumes/" class="md-nav__link">
Remove Persistent Data
</a>
</li>
<li class="md-nav__item">
<a href="../debug-common_problems/" class="md-nav__link">
Common Problems
</a>
</li>
<li class="md-nav__item">
<a href="../debug-admin_login_sogo/" class="md-nav__link">
Admin login to SOGo
</a>
</li>
<li class="md-nav__item">
<a href="../debug-reset-tls/" class="md-nav__link">
Reset TLS certificates
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7" type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7">
Backup & Restore
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Backup & Restore" data-md-level="1">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Backup & Restore
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7_1" type="checkbox" id="__nav_7_1" >
<label class="md-nav__link" for="__nav_7_1">
Helper script
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Helper script" data-md-level="2">
<label class="md-nav__title" for="__nav_7_1">
<span class="md-nav__icon md-icon"></span>
Helper script
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../b_n_r_backup/" class="md-nav__link">
Backup
</a>
</li>
<li class="md-nav__item">
<a href="../b_n_r_restore/" class="md-nav__link">
Restore
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_7_2" type="checkbox" id="__nav_7_2" >
<label class="md-nav__link" for="__nav_7_2">
Manually
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Manually" data-md-level="2">
<label class="md-nav__title" for="__nav_7_2">
<span class="md-nav__icon md-icon"></span>
Manually
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-backup_restore-maildir/" class="md-nav__link">
Maildir
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-backup_restore-mysql/" class="md-nav__link">
MySQL
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8" type="checkbox" id="__nav_8" checked>
<label class="md-nav__link" for="__nav_8">
Manual/Guides/Examples
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Manual/Guides/Examples" data-md-level="1">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Manual/Guides/Examples
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_1" type="checkbox" id="__nav_8_1" checked>
<label class="md-nav__link" for="__nav_8_1">
mailcow UI
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="mailcow UI" data-md-level="2">
<label class="md-nav__title" for="__nav_8_1">
<span class="md-nav__icon md-icon"></span>
mailcow UI
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-config/" class="md-nav__link">
Configuration
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-bl_wl/" class="md-nav__link">
Blacklist / Whitelist
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-pushover/" class="md-nav__link">
Pushover
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-spamfilter/" class="md-nav__link">
Spamfilter
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-spamalias/" class="md-nav__link">
Temporary email aliases
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-mailcow_ui-tagging/" class="md-nav__link">
Tagging
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Two-Factor Authentication
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Two-Factor Authentication
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#yubi-otp" class="md-nav__link">
Yubi OTP
</a>
</li>
<li class="md-nav__item">
<a href="#u2f" class="md-nav__link">
U2F
</a>
</li>
<li class="md-nav__item">
<a href="#totp" class="md-nav__link">
TOTP
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../u_e-fido2/" class="md-nav__link">
WebAuthn / FIDO2
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_2" type="checkbox" id="__nav_8_2" >
<label class="md-nav__link" for="__nav_8_2">
Postfix
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Postfix" data-md-level="2">
<label class="md-nav__title" for="__nav_8_2">
<span class="md-nav__icon md-icon"></span>
Postfix
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-postfix-custom_transport/" class="md-nav__link">
Custom transport maps
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-postfix-postscreen_whitelist/" class="md-nav__link">
Whitelist IP in Postscreen
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-postfix-extra_cf/" class="md-nav__link">
Customize/Expand main.cf
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-postfix-disable_sender_verification/" class="md-nav__link">
Disable Sender Addresses Verification
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-postfix-attachment_size/" class="md-nav__link">
Max. message size (attachment size)
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-postfix-pflogsumm/" class="md-nav__link">
Statistics with pflogsumm
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_3" type="checkbox" id="__nav_8_3" >
<label class="md-nav__link" for="__nav_8_3">
Unbound
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Unbound" data-md-level="2">
<label class="md-nav__title" for="__nav_8_3">
<span class="md-nav__icon md-icon"></span>
Unbound
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-unbound-fwd/" class="md-nav__link">
Using an external DNS service
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_4" type="checkbox" id="__nav_8_4" >
<label class="md-nav__link" for="__nav_8_4">
Dovecot
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Dovecot" data-md-level="2">
<label class="md-nav__title" for="__nav_8_4">
<span class="md-nav__icon md-icon"></span>
Dovecot
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-dovecot-any_acl/" class="md-nav__link">
Enable "any" ACL settings
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-expunge/" class="md-nav__link">
Expunge a Users mails
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-extra_conf/" class="md-nav__link">
Customize/Expand dovecot.conf
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-fts/" class="md-nav__link">
FTS (Solr)
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-idle_interval/" class="md-nav__link">
IMAP IDLE interval
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-mail-crypt/" class="md-nav__link">
Mail crypt
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-more/" class="md-nav__link">
More Examples with DOVEADM
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-vmail-volume/" class="md-nav__link">
Move Maildir (vmail)
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-public_folder/" class="md-nav__link">
Public folders
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-dovecot-static_master/" class="md-nav__link">
Static master user
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_5" type="checkbox" id="__nav_8_5" >
<label class="md-nav__link" for="__nav_8_5">
Nginx
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Nginx" data-md-level="2">
<label class="md-nav__title" for="__nav_8_5">
<span class="md-nav__icon md-icon"></span>
Nginx
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-nginx/" class="md-nav__link">
Custom sites
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-webmail-site/" class="md-nav__link">
Create subdomain webmail.example.org
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../u_e-redis/" class="md-nav__link">
Redis
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-rspamd/" class="md-nav__link">
Rspamd
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-sogo/" class="md-nav__link">
SOGo
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_9" type="checkbox" id="__nav_8_9" >
<label class="md-nav__link" for="__nav_8_9">
XMPP
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="XMPP" data-md-level="2">
<label class="md-nav__title" for="__nav_8_9">
<span class="md-nav__icon md-icon"></span>
XMPP
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-xmpp-faq/" class="md-nav__link">
FAQ
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-xmpp-enable/" class="md-nav__link">
Enable XMPP
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_8_10" type="checkbox" id="__nav_8_10" >
<label class="md-nav__link" for="__nav_8_10">
Docker
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Docker" data-md-level="2">
<label class="md-nav__title" for="__nav_8_10">
<span class="md-nav__icon md-icon"></span>
Docker
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../u_e-docker-cust_dockerfiles/" class="md-nav__link">
Customize Dockerfiles
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-docker-dc_bash_compl/" class="md-nav__link">
Docker Compose Bash Completion
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../u_e-why_unbound/" class="md-nav__link">
Why unbound?
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-autodiscover_config/" class="md-nav__link">
Autodiscover / Autoconfig
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-80_to_443/" class="md-nav__link">
Redirect HTTP to HTTPS
</a>
</li>
<li class="md-nav__item">
<a href="../u_e-reeanble-weak-protocols/" class="md-nav__link">
Re-enable TLS 1.0 and TLS 1.1
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_9" type="checkbox" id="__nav_9" >
<label class="md-nav__link" for="__nav_9">
Client Configuration
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Client Configuration" data-md-level="1">
<label class="md-nav__title" for="__nav_9">
<span class="md-nav__icon md-icon"></span>
Client Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../client/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-android/" class="md-nav__link">
Android
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-apple/" class="md-nav__link">
Apple macOS / iOS
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-emclient/" class="md-nav__link">
eM Client
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-gajim_xmpp_client/" class="md-nav__link">
Gajim XMPP client
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-kontact/" class="md-nav__link">
KDE Kontact
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-outlook/" class="md-nav__link">
Microsoft Outlook
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-thunderbird/" class="md-nav__link">
Mozilla Thunderbird
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-windows/" class="md-nav__link">
Windows Mail
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-windowsphone/" class="md-nav__link">
Windows Phone
</a>
</li>
<li class="md-nav__item">
<a href="../client/client-manual/" class="md-nav__link">
Manual configuration
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_10" type="checkbox" id="__nav_10" >
<label class="md-nav__link" for="__nav_10">
Third party apps
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Third party apps" data-md-level="1">
<label class="md-nav__title" for="__nav_10">
<span class="md-nav__icon md-icon"></span>
Third party apps
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../third_party-borgmatic/" class="md-nav__link">
Borgmatic Backup
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-exchange_onprem/" class="md-nav__link">
Exchange Hybrid Setup
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-gitea/" class="md-nav__link">
Gitea
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-gogs/" class="md-nav__link">
Gogs
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-mailpiler_integration/" class="md-nav__link">
Mailpiler Integration
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-nextcloud/" class="md-nav__link">
Nextcloud
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-portainer/" class="md-nav__link">
Portainer
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-roundcube/" class="md-nav__link">
Roundcube
</a>
</li>
<li class="md-nav__item">
<a href="../third_party-thunderbird/" class="md-nav__link">
SOGo Connector for Thunderbird
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#yubi-otp" class="md-nav__link">
Yubi OTP
</a>
</li>
<li class="md-nav__item">
<a href="#u2f" class="md-nav__link">
U2F
</a>
</li>
<li class="md-nav__item">
<a href="#totp" class="md-nav__link">
TOTP
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/mailcow/mailcow-dockerized-docs/edit/master/docs/u_e-mailcow_ui-tfa.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
</a>
<h1>Two-Factor Authentication</h1>
<p>So far three methods for <em>Two-Factor Authentication</em> are implemented: U2F, Yubi OTP, and TOTP</p>
<ul>
<li>For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.</li>
<li>Both U2F and Yubi OTP work well with the fantastic <a href="https://www.yubico.com">Yubikey</a>.</li>
<li>While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS.</li>
<li>U2F and Yubi OTP support multiple keys per user.</li>
<li>As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually.</li>
</ul>
<p>As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.</p>
<p>The key used to login will be displayed in green, while other keys remain grey.</p>
<p>Information on how to remove 2FA can be found <a href="https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_pw/#remove-two-factor-authentication">here</a>.</p>
<h3 id="yubi-otp">Yubi OTP<a class="headerlink" href="#yubi-otp" title="Permanent link">&para;</a></h3>
<p>The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key.
The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.</p>
<h3 id="u2f">U2F<a class="headerlink" href="#u2f" title="Permanent link">&para;</a></h3>
<p>Only Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.
Since version 67 Mozilla Firefox can handle U2F natively. (<a href="https://support.yubico.com/support/solutions/articles/15000017511-enabling-u2f-support-in-mozilla-firefox">Source</a>)</p>
<p>U2F works without an internet connection.</p>
<h3 id="totp">TOTP<a class="headerlink" href="#totp" title="Permanent link">&para;</a></h3>
<p>The best known TFA method mostly used with a smartphone.</p>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<nav class="md-footer__inner md-grid" aria-label="Footer">
<a href="../u_e-mailcow_ui-tagging/" class="md-footer__link md-footer__link--prev" rel="prev">
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Previous
</span>
Tagging
</div>
</div>
</a>
<a href="../u_e-fido2/" class="md-footer__link md-footer__link--next" rel="next">
<div class="md-footer__title">
<div class="md-ellipsis">
<span class="md-footer__direction">
Next
</span>
WebAuthn / FIDO2
</div>
</div>
<div class="md-footer__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
<div class="md-footer-copyright__highlight">
Copyright &copy; 2021 André Peters
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
<div class="md-footer-social">
<a href="https://mailcow.email" target="_blank" rel="noopener" title="mailcow.email" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M248 8C111.03 8 0 119.03 0 256s111.03 248 248 248 248-111.03 248-248S384.97 8 248 8zm82.29 357.6c-3.9 3.88-7.99 7.95-11.31 11.28-2.99 3-5.1 6.7-6.17 10.71-1.51 5.66-2.73 11.38-4.77 16.87l-17.39 46.85c-13.76 3-28 4.69-42.65 4.69v-27.38c1.69-12.62-7.64-36.26-22.63-51.25-6-6-9.37-14.14-9.37-22.63v-32.01c0-11.64-6.27-22.34-16.46-27.97-14.37-7.95-34.81-19.06-48.81-26.11-11.48-5.78-22.1-13.14-31.65-21.75l-.8-.72a114.792 114.792 0 0 1-18.06-20.74c-9.38-13.77-24.66-36.42-34.59-51.14 20.47-45.5 57.36-82.04 103.2-101.89l24.01 12.01C203.48 89.74 216 82.01 216 70.11v-11.3c7.99-1.29 16.12-2.11 24.39-2.42l28.3 28.3c6.25 6.25 6.25 16.38 0 22.63L264 112l-10.34 10.34c-3.12 3.12-3.12 8.19 0 11.31l4.69 4.69c3.12 3.12 3.12 8.19 0 11.31l-8 8a8.008 8.008 0 0 1-5.66 2.34h-8.99c-2.08 0-4.08.81-5.58 2.27l-9.92 9.65a8.008 8.008 0 0 0-1.58 9.31l15.59 31.19c2.66 5.32-1.21 11.58-7.15 11.58h-5.64c-1.93 0-3.79-.7-5.24-1.96l-9.28-8.06a16.017 16.017 0 0 0-15.55-3.1l-31.17 10.39a11.95 11.95 0 0 0-8.17 11.34c0 4.53 2.56 8.66 6.61 10.69l11.08 5.54c9.41 4.71 19.79 7.16 30.31 7.16s22.59 27.29 32 32h66.75c8.49 0 16.62 3.37 22.63 9.37l13.69 13.69a30.503 30.503 0 0 1 8.93 21.57 46.536 46.536 0 0 1-13.72 32.98zM417 274.25c-5.79-1.45-10.84-5-14.15-9.97l-17.98-26.97a23.97 23.97 0 0 1 0-26.62l19.59-29.38c2.32-3.47 5.5-6.29 9.24-8.15l12.98-6.49C440.2 193.59 448 223.87 448 256c0 8.67-.74 17.16-1.82 25.54L417 274.25z"/></svg>
</a>
<a href="https://github.com/mailcow" target="_blank" rel="noopener" title="github.com" class="md-footer-social__link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 480 512"><path d="M186.1 328.7c0 20.9-10.9 55.1-36.7 55.1s-36.7-34.2-36.7-55.1 10.9-55.1 36.7-55.1 36.7 34.2 36.7 55.1zM480 278.2c0 31.9-3.2 65.7-17.5 95-37.9 76.6-142.1 74.8-216.7 74.8-75.8 0-186.2 2.7-225.6-74.8-14.6-29-20.2-63.1-20.2-95 0-41.9 13.9-81.5 41.5-113.6-5.2-15.8-7.7-32.4-7.7-48.8 0-21.5 4.9-32.3 14.6-51.8 45.3 0 74.3 9 108.8 36 29-6.9 58.8-10 88.7-10 27 0 54.2 2.9 80.4 9.2 34-26.7 63-35.2 107.8-35.2 9.8 19.5 14.6 30.3 14.6 51.8 0 16.4-2.6 32.7-7.7 48.2 27.5 32.4 39 72.3 39 114.2zm-64.3 50.5c0-43.9-26.7-82.6-73.5-82.6-18.9 0-37 3.4-56 6-14.9 2.3-29.8 3.2-45.1 3.2-15.2 0-30.1-.9-45.1-3.2-18.7-2.6-37-6-56-6-46.8 0-73.5 38.7-73.5 82.6 0 87.8 80.4 101.3 150.4 101.3h48.2c70.3 0 150.6-13.4 150.6-101.3zm-82.6-55.1c-25.8 0-36.7 34.2-36.7 55.1s10.9 55.1 36.7 55.1 36.7-34.2 36.7-55.1-10.9-55.1-36.7-55.1z"/></svg>
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}, "search": "../assets/javascripts/workers/search.d351de03.min.js", "version": null}</script>
<script src="../assets/javascripts/bundle.a1609d9a.min.js"></script>
<script src="../clients.js"></script>
</body>
</html>