[Koha] Koha and 2 factor authentication

Mike D. black23 at gmail.com
Wed May 16 19:34:40 NZST 2018


Hello,
I use smartphone app or SMS for code authentification. And Yubikey. It's
very cool, but itsn't for free. More problematic PC's are shared at staff
desks. If somebody login "in bacstage" can choose "don't ask on this
computex nex XX days".

BR

Mike

st 16. 5. 2018 v 9:24 odesílatel Hugh Rundle <HughR at brimbank.vic.gov.au>
napsal:

> Even though I think it's a good idea, I'm struggling to think of a
> practical way 2FA could be used in a real life scenario on the staff side
> to be honest, though perhaps in small/specialist libraries it might work.
>
> For OPAC side I think any of the tools mentioned would work fine. I'm not
> familiar with implementing it from the server side but as a 2FA fan it's
> rare to see the actual app specified: usually it's just 'scan this QR
> code'.
>
> For staff side I do think that a hardware solution would be more
> practical. U2F doesn't *have* to use YubiKey, there are plenty of FIDO
> certified authentication products:
> https://fidoalliance.org/certification/fido-certified-products/
>
> Not sure it that's at all helpful...
>
>
> Hugh Rundle
> Library Systems & Resource Coordinator
> Community Learning & Participation
>
> Brimbank City Council
> Brimbank Community and Civic Centre - 301 Hampshire Road, Sunshine
> <https://maps.google.com/?q=301+Hampshire+Road,+Sunshine&entry=gmail&source=g>
>
> T +61 3 9249 4170 <+61%203%209249%204170>
> M +61 437 734 108 <+61%20437%20734%20108>
> F +61 3 9249 4351 <+61%203%209249%204351>
>
> www.brimbank.vic.gov.au
> -----Original Message-----
> From: Koha [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Narcis
> Garcia
> Sent: Wednesday, 2 May 2018 5:33 PM
> To: koha at lists.katipo.co.nz
> Subject: Re: [Koha] Koha and 2 factor authentication
>
> Any inependent tool (without 3rd parties) is better.
>
>
> El 23/04/18 a les 14:57, Mike D. ha escrit:
> > Hi,
> > What do you think about hardware 2fa tools like Yubikey?
> > Btw great replacement for Google Authentificator is Authy: screen
> > protected by PIN, secure backup.
> >
> > Bye
> >
> > Mike
> > pá 20. 4. 2018 v 15:45 odesílatel Narcis Garcia <informatica at actiu.net
> > <mailto:informatica at actiu.net>> napsal:
> >
> >     More privacy = More freedom
> >     More independent tools = More freedom
> >     Less contract agreements = More transparency for user
> >
> >
> >     El 19/04/18 a les 19:52, Kyle Hall ha escrit:
> >     > There seems to be some interest in adding 2 factor authentication
> >     to Koha.
> >     > We are trying to find out what would be the most practical and
> >     easiest way
> >     > to implement 2fa for Koha combined with what would be most useful
> for
> >     > libraries that would actually *use* 2fa.
> >     >
> >     > The bug report filed for it is
> >     > https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476
> >     >
> >     > Basically, at this point we've come up with two ideas:
> >     > 1) Use Auth::GoogleAuthenticator
> >     > 2) Use PrivacyIdea ( https://www.privacyidea.org/ )
> >     >
> >     > Implementing GoogleAuthenticator would be much simpler I think.
> >     However, my
> >     > thought is the same users that are concerned about 2fa are the
> >     same users
> >     > that are concerned about privacy, and may not be interested in it
> >     simply
> >     > because it means giving at least some data to Google.
> >     >
> >     > PrivacyIdea on the other hand would be more work for both the
> >     developer and
> >     > the system admin since it is a completely separate package that
> would
> >     > require installation and maintenance independent of Koha itself.
> >     However,
> >     > it is also much more powerful and can offer a myriad of 2FA
> >     options that
> >     > GoogleAuthenticator cannot. On the developer side, OTRS which is
> also
> >     > written in Perl has implemented and may or may not have something
> >     useful we
> >     > can crib from it (
> >     >
> >
> https://github.com/privacyidea/privacyidea/tree/master/authmodules/OTRS
> >     ).
> >     >
> >     > So, what does everything think? If you want 2FA, would
> >     GoogleAuthenticator
> >     > be a reasonable solution?
> >     >
> >     > Kyle
> >     >
> >     >
> >     > http://www.kylehall.info
> >     > ByWater Solutions ( http://bywatersolutions.com )
> >     > Meadville Public Library ( http://www.meadvillelibrary.org )
> >     > Crawford County Federated Library System ( http://www.ccfls.org )
> >     > _______________________________________________
> >     > Koha mailing list  http://koha-community.org
> >     > Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>
> >     > https://lists.katipo.co.nz/mailman/listinfo/koha
> >     >
> >     _______________________________________________
> >     Koha mailing list  http://koha-community.org
> >     Koha at lists.katipo.co.nz <mailto:Koha at lists.katipo.co.nz>
> >     https://lists.katipo.co.nz/mailman/listinfo/koha
> >
> _______________________________________________
> Koha mailing list  http://koha-community.org Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
> _______________________________________________
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> https://lists.katipo.co.nz/mailman/listinfo/koha
>


More information about the Koha mailing list