The recently released ISPConfig version finally supports 2FA (thank you!) but it's limited to e-mail only. Would it be possible to add TOTP support (i.e. Google Authenticator)? The QR code could be generated in JS client side, similar to https://github.com/lrsjng/kjua
Feel free to implement it or hire a dev to do so. Currently I don't think it will be implemented soon, unless someone sponsors it.
Hi, thanks for the feedback - I'm actually thinking of implementing it for fun using already existing totp/qr libraries (and releasing it for free, you're welcome to integrate it), would this method work? How about licensing compatibility? My theoretical plan is:
- Use a GPL3 TOTP library that's single class, for example this one here: https://www.idontplaydarts.com/static/ga.php_.txt
- Add a QR code JS library to make QR generation easier, like this: https://github.com/davidshimjs/qrcodejs - it depends on jquery but I see that ISPConfig is using it anyways so it's ok. This one is MIT licensed.
- The DB sys_user table has otp_data / otp_recovery / otp_attempts fields that would work just fine for totp, otp_type had to be altered to include 'totp' in addition to 'none' and 'email'.
- Patch the admin form to include TOTP configuration + generation, patch login to implement TOTP.
What do you think? Is this feasible?
All libraries you use and the code you write must use BSD license or a compatible license like MIT. For example, you can not use GPL2 or GPL3 code as this would infect the ISPConfig code to become GPL if we included it.
Thank you both for responding, I will check licensing and open a proper merge request if it works out.
@diab did you get any further with this? It would be a nice addition, and I would be happy to review it. qrcodejs seems to be MIT licenced, so that's ok. Instead of ga.php_.txt there is also the MIT licenced code for a Roundcube webmail TOTP plugin. The specific JS code is in https://github.com/alexandregz/twofactor_gauthenticator/blob/master/twofactor_gauthenticator.js
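
Added example, not part of the thread and not ISPConfig code: a dependency-free sketch (Node.js built-ins only) of the two pieces the plan above needs, the otpauth:// URI that a client-side QR library would render and the RFC 6238 check at login. All function names are hypothetical, and the lastCounter replay state is an assumption; it is not one of the sys_user fields named in the thread.

```javascript
const crypto = require("node:crypto");
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode the base32 secret shared with the authenticator app (RFC 4648).
function base32Decode(s) {
  const out = [];
  let bits = 0, value = 0;
  for (const ch of s.replace(/=+$/, "").toUpperCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP over the 30-second step counter (RFC 6238 TOTP).
function totpAt(secretB32, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", base32Decode(secretB32)).update(msg).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff; // dynamic truncation
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// Accept +/- `window` steps of clock drift; skipping c <= lastCounter (hypothetical
// per-user state) blocks replay. Returns the matched step to persist, or null.
function verifyTotp(secretB32, code, nowSec, lastCounter = -1, window = 1) {
  if (!/^\d{6}$/.test(code)) return null;
  const step = Math.floor(nowSec / 30);
  let matched = null;
  for (let c = Math.max(0, step - window); c <= step + window; c++) {
    if (c <= lastCounter) continue;
    const expected = Buffer.from(totpAt(secretB32, c));
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) matched = c;
  }
  return matched;
}

// Enrolment URI (Key URI format) that a client-side QR library would render.
function otpauthUri(issuer, account, secretB32) {
  const i = encodeURIComponent(issuer), a = encodeURIComponent(account);
  return `otpauth://totp/${i}:${a}?secret=${secretB32}&issuer=${i}&algorithm=SHA1&digits=6&period=30`;
}
```

The QR code carries the shared secret, so building it in the browser still means the server has to send the secret to that page once at enrolment; failed checks would count against otp_attempts the same way the e-mail method does.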