Posts by My1

now that's what I call great news.

but @Nuxwin caging the users into a 2FA activation page might be a valid Idea especially since the admin doesnt need to keep track whether a user has a yubi enabled and if he wants to add a new user who has hos own yubi, this wont be possible (except e.g with user database manipulation.

what happens if a user doesnt have yet a key in and that option is on, will it cage the user into the yubikey page until he either signs out or activates a yubi?
or will it just deny the login?

force OTP authentication means that everyone has to include a Yubi, I guess?

so stupid question where is the addon? it was said minutes but it's been six hours and I found nothing yet.
(dont take it badly just wanna try this out)

that's nice to know.

I dunno if you guys check the timestamp (t) of the response, but if yes a tolerance window for that may be helpful so that (for some or another reason) too old validations cant be used but there would be a certain tolerance e.g. for clock drifts and stuff

yeah true. but seriously thanks for planning to put in U2F. putting the actual integration of imscp aside I may be able to help with it.

(I did code some U2F validation stuffs [based around yubico's library] so I can use them on my php sites)

well at least it makes a bit of sense why some packages in debian seem a bit old, a while ago iirc apache couldnt even do http2 in debian (maybe that's still the case, dunno), even though I dont like that.

oh okay, but maybe they even could put 7.1 somewhere in stretch's lifetime.