[jira] [Commented] (GUACAMOLE-272) Alternative to Duo

["Nick Couchman (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/GUACAMOLE-272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16038896#comment-16038896 ] 

Nick Couchman commented on GUACAMOLE-272:
-----------------------------------------

So, my gut feeling here is that we could do a native 2FA authentication system, but I'd suggest *not* an e-mail- (or SMS-) based one.  I would be more tempted to go with something like Google Authenticator with a rotating token.  If you really want to do 2FA with e-mail or SMS, there's a RADIUS extension that should be available, soon, and you can use that plus RADIUS plus your favorite OTP implementation (LinOTP, OpenOTP) to do the e-mail or SMS-based authentication.

There are a couple of Java libraries available for generating OTPs, we would just need to figure out the best place to implement it (bolt on to JDBC modules, separate module, etc.) and do the work.  If you have any experience coding Java and want to jump in and help, we welcome the contributions!

> Alternative to Duo
> ------------------
>
>                 Key: GUACAMOLE-272
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-272
>             Project: Guacamole
>          Issue Type: Improvement
>            Reporter: Chris Wheeler
>
> I love the fact that you support 2 factor authentication, but I am disappointed it costs money when you have more than 10 users. I would like to propose that you implement a simple native 2FA option. All you would need to do is add a configurable email field for each user, and configurable SMTP settings. When the user logs in, it would prompt for a pin, then send that pin to their email address.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)