Applicable to:
- Plesk for Linux
Question
Is it possible to enable 2FA (two factor authentication) for Roundcube in Plesk?
Answer
This feature is yet to be implemented in Plesk.
You can vote for this feature with this link: UserVoice: 2FA (two-factor authentication) for webmail, e.g. Google Authenticator for Roundcube login
Most voted features are likely to be implemented.
Use an open source Roundcube plugin like: alexandregz/twofactor_gauthenticator
Use these steps to install the plugin in Plesk Roundcube:
- Connect to the server via SSH
-
Go to the Roundcube plugin folder:
# cd /usr/share/psa-roundcube/plugins
-
Clone the repository:
# git clone https://github.com/alexandregz/twofactor_gauthenticator.git
-
Copy the configuration file:
# cp /usr/share/psa-roundcube/plugins/twofactor_gauthenticator/config.inc.php.dist /usr/share/psa-roundcube/plugins/twofactor_gauthenticator/config.inc.php
-
Open the configuration file and adjust it:
# vi /usr/share/psa-roundcube/plugins/twofactor_gauthenticator/config.inc.php
Edit the "Users allowed to use plugin" section and leave it like this (added info@example.com):
// Users allowed to use plugin (IMPORTANT: other users DON'T have plugin activated). Regex is supported.
$rcmail_config['users_allowed_2FA'] = array('info@example.com', 'administrator@example.com');Note: For example, you can set force_enrollment_users to true to force all users to use 2FA.
-
To enable the plugin, copy the plugin section from the default Roundcube configuration file
/usr/share/psa-roundcube/config/defaults.inc.php# grep "'plugins'" /usr/share/psa-roundcube/config/defaults.inc.php
$config['plugins'] = ['password', 'markasjunk', 'managesieve']; -
Add the copied plugin section from point 6 to the configuration file
/usr/share/psa-roundcube/config/config.local.phpand addtwofactor_gauthenticatorplugin at the end of the list like this:<?php
$config['plugins'] = ['password', 'markasjunk', 'managesieve', 'twofactor_gauthenticator'];Note:Plugins need to be activated in file config.local.php so that the changes you made are not overwritten during an update.
-
Set file permissions:
# chown root:roundcube_sysgroup /usr/share/psa-roundcube/config/config.local.php && chmod 640 /usr/share/psa-roundcube/config/config.local.php
- Log in via the web interface RoundCube, and go to Settings 2-Factor Authentication.
- Follow the instructions on git to configure 2FA
Comments
At point 7 “Add the copied plugin section from point 4 to the configuration file
…” means actually point 6, right?Anyway, it doesn't work. Even if I add it to the defaults.inc.php it just offer “download” in the above section of rc. I dont get it…
Hello,
Thanks for the information. I have corrected the point number to 6 (it was a typo).
Please sign in to leave a comment.