[Koha] Koha and 2 factor authentication

Hugh Rundle HughR at brimbank.vic.gov.au
Wed May 16 19:24:03 NZST 2018 

Even though I think it's a good idea, I'm struggling to think of a practical way 2FA could be used in a real life scenario on the staff side to be honest, though perhaps in small/specialist libraries it might work.

For OPAC side I think any of the tools mentioned would work fine. I'm not familiar with implementing it from the server side but as a 2FA fan it's rare to see the actual app specified: usually it's just 'scan this QR code'. 

For staff side I do think that a hardware solution would be more practical. U2F doesn't *have* to use YubiKey, there are plenty of FIDO certified authentication products: https://fidoalliance.org/certification/fido-certified-products/

Not sure it that's at all helpful...


Hugh Rundle
Library Systems & Resource Coordinator
Community Learning & Participation

Brimbank City Council
Brimbank Community and Civic Centre - 301 Hampshire Road, Sunshine

T +61 3 9249 4170
M +61 437 734 108
F +61 3 9249 4351

www.brimbank.vic.gov.au
-----Original Message-----
From: Koha [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Narcis Garcia
Sent: Wednesday, 2 May 2018 5:33 PM
To: koha at lists.katipo.co.nz
Subject: Re: [Koha] Koha and 2 factor authentication

Any inependent tool (without 3rd parties) is better.


El 23/04/18 a les 14:57, Mike D. ha escrit:
> Hi,
> What do you think about hardware 2fa tools like Yubikey?
> Btw great replacement for Google Authentificator is Authy: screen 
> protected by PIN, secure backup.
> 
> Bye
> 
> Mike
> pá 20. 4. 2018 v 15:45 odesílatel Narcis Garcia <informatica at actiu.net 
> <mailto:informatica at actiu.net>> napsal:
> 
>     More privacy = More freedom
>     More independent tools = More freedom
>     Less contract agreements = More transparency for user
> 
> 
>     El 19/04/18 a les 19:52, Kyle Hall ha escrit:
>     > There seems to be some interest in adding 2 factor authentication
>     to Koha.
>     > We are trying to find out what would be the most practical and
>     easiest way
>     > to implement 2fa for Koha combined with what would be most useful for
>     > libraries that would actually *use* 2fa.
>     >
>     > The bug report filed for it is
>     > https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476
>     >
>     > Basically, at this point we've come up with two ideas:
>     > 1) Use Auth::GoogleAuthenticator
>     > 2) Use PrivacyIdea ( https://www.privacyidea.org/ )
>     >
>     > Implementing GoogleAuthenticator would be much simpler I think.
>     However, my
>     > thought is the same users that are concerned about 2fa are the
>     same users
>     > that are concerned about privacy, and may not be interested in it
>     simply
>     > because it means giving at least some data to Google.
>     >
>     > PrivacyIdea on the other hand would be more work for both the
>     developer and
>     > the system admin since it is a completely separate package that would
>     > require installation and maintenance independent of Koha itself.
>     However,
>     > it is also much more powerful and can offer a myriad of 2FA
>     options that
>     > GoogleAuthenticator cannot. On the developer side, OTRS which is also
>     > written in Perl has implemented and may or may not have something
>     useful we
>     > can crib from it (
>     >
>     https://github.com/privacyidea/privacyidea/tree/master/authmodules/OTRS
>     ).
>     >
>     > So, what does everything think? If you want 2FA, would
>     GoogleAuthenticator
>     > be a reasonable solution?
>     >
>     > Kyle
>     >
>     >
>     > http://www.kylehall.info
>     > ByWater Solutions ( http://bywatersolutions.com )
>     > Meadville Public Library ( http://www.meadvillelibrary.org )
>     > Crawford County Federated Library System ( http://www.ccfls.org )
>     > _______________________________________________
>     > Koha mailing list  http://koha-community.org
>     > Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>
>     > https://lists.katipo.co.nz/mailman/listinfo/koha
>     >
>     _______________________________________________
>     Koha mailing list  http://koha-community.org
>     Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>
>     https://lists.katipo.co.nz/mailman/listinfo/koha
> 
_______________________________________________
Koha mailing list  http://koha-community.org Koha at lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha

More information about the Koha mailing list