Hi all,

this morning I got informed that my employer will ramp down one-time-
password OTP via SMS. We should use "microsoft authenticator" only.

So, can someone point me to a Linux (open source) alternative, which can
do the job as a two-factor one-time-password app?

Many thanks in advance!

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm

On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
> this morning I got informed that my employer will ramp down one-time-
> password OTP via SMS. We should use "microsoft authenticator" only.
> So, can someone point me to a Linux (open source) alternative, which can
> do the job as a two-factor one-time-password app?

I have no experience with it.
https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
indicates it uses the time-based one-time password (TOTP) standard.

After a search on description in rpmdrake (click on the magnifying glass, select
description, then do the search) for TOTP, it looks like oath-toolkit may do the
job but I have no idea how to use it.

Regards, Dave Hodgins

On Wed, 09 Mar 2022 13:19:21 -0500, David W. Hodgins wrote:
> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
>> this morning I got informed that my employer will ramp down one-time-
>> password OTP via SMS. We should use "microsoft authenticator" only.
>> So, can someone point me to a Linux (open source) alternative, which can
>> do the job as a two-factor one-time-password app?
>
> I have no experience with it.
> https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
> indicates it uses the time-based one-time password (TOTP) standard.
>
> After a search on description in rpmdrake (click on the magnifying glass, select
> description, then do the search) for TOTP, it looks like oath-toolkit may do the
> job but I have no idea how to use it.

> Regards, Dave Hodgins

On May 30, gmail will require the 2 factor auth. Any chance you could
get a packager/dev to get a fetchmail 7 that can use the auth2 package.

http://mmogilvi.users.sourceforge.net/software/oauthbearer.html

On 3/9/22 22:40, Bit Twister wrote:
> On Wed, 09 Mar 2022 13:19:21 -0500, David W. Hodgins wrote:
>> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
>>> this morning I got informed that my employer will ramp down one-time-
>>> password OTP via SMS. We should use "microsoft authenticator" only.
>>> So, can someone point me to a Linux (open source) alternative, which can
>>> do the job as a two-factor one-time-password app?
>>
>> I have no experience with it.
>> https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
>> indicates it uses the time-based one-time password (TOTP) standard.
>>
>> After a search on description in rpmdrake (click on the magnifying glass, select
>> description, then do the search) for TOTP, it looks like oath-toolkit may do the
>> job but I have no idea how to use it.
>
>> Regards, Dave Hodgins
>
> On May 30, gmail will require the 2 factor auth. Any chance you could
> get a packager/dev to get a fetchmail 7 that can use the auth2 package.
>
>
> http://mmogilvi.users.sourceforge.net/software/oauthbearer.html

I don't know if it will help with the OP's problem, but FWIW Thunderbird
is supposed to be able to use Oauth2 authentication with gmail.

https://www.supertechcrew.com/thunderbird-oauth2-gmail/

I haven't tried to convert from the old way yet (I really should get on
that), so I can't say for sure that the above information is correct
specifically for gmail. But, I had to do the same thing with my yahoo
account a year(?) ago, and it works just fine with that.

TJ

On Thu, 10 Mar 2022 09:59:40 -0500, TJ wrote:
> On 3/9/22 22:40, Bit Twister wrote:
>> On Wed, 09 Mar 2022 13:19:21 -0500, David W. Hodgins wrote:
>>> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
>>>> this morning I got informed that my employer will ramp down one-time-
>>>> password OTP via SMS. We should use "microsoft authenticator" only.
>>>> So, can someone point me to a Linux (open source) alternative, which can
>>>> do the job as a two-factor one-time-password app?
>>>
>>> I have no experience with it.
>>> https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
>>> indicates it uses the time-based one-time password (TOTP) standard.
>>>
>>> After a search on description in rpmdrake (click on the magnifying glass, select
>>> description, then do the search) for TOTP, it looks like oath-toolkit may do the
>>> job but I have no idea how to use it.
>>
>>> Regards, Dave Hodgins
>>
>> On May 30, gmail will require the 2 factor auth. Any chance you could
>> get a packager/dev to get a fetchmail 7 that can use the auth2 package.
>>
>>
>> http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
>
> I don't know if it will help with the OP's problem, but FWIW Thunderbird
> is supposed to be able to use Oauth2 authentication with gmail.
>
> https://www.supertechcrew.com/thunderbird-oauth2-gmail/
>
> I haven't tried to convert from the old way yet (I really should get on
> that), so I can't say for sure that the above information is correct
> specifically for gmail. But, I had to do the same thing with my yahoo
> account a year(?) ago, and it works just fine with that.

I have several email accounts and it was nice to have cron jobs using
fetchmail to pop up an xnessage indicating I have mail to read here on my
system rather than having manually use the browser/thunderbird to check for mail.

I too was having to use thunderbird to read yahoo mail.
Currently using claws-email where possible.
Going to be a bit upset if it is going to fail on all my gmail accounts.

Noticed the above link had indicated there were auth patches for fetchmail
so I would assume it would be a easy test to verify still worked with the
patch installed.

On Wed, 09 Mar 2022 22:40:46 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:

> On Wed, 09 Mar 2022 13:19:21 -0500, David W. Hodgins wrote:
>> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
>>> this morning I got informed that my employer will ramp down one-time-
>>> password OTP via SMS. We should use "microsoft authenticator" only.
>>> So, can someone point me to a Linux (open source) alternative, which can
>>> do the job as a two-factor one-time-password app?
>>
>> I have no experience with it.
>> https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
>> indicates it uses the time-based one-time password (TOTP) standard.
>>
>> After a search on description in rpmdrake (click on the magnifying glass, select
>> description, then do the search) for TOTP, it looks like oath-toolkit may do the
>> job but I have no idea how to use it.
>
>> Regards, Dave Hodgins
>
> On May 30, gmail will require the 2 factor auth. Any chance you could
> get a packager/dev to get a fetchmail 7 that can use the auth2 package.
>
> http://mmogilvi.users.sourceforge.net/software/oauthbearer.html

I've asked for it. https://bugs.mageia.org/show_bug.cgi?id=30146
Hopefully the fetchmail packager will choose to take it on.

Regards, Dave Hodgins

On Thu, 10 Mar 2022 21:48:14 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
> I have several email accounts and it was nice to have cron jobs using
> fetchmail to pop up an xnessage indicating I have mail to read here on my
> system rather than having manually use the browser/thunderbird to check for mail.

As I just posted, the bug request has been filed.

> I too was having to use thunderbird to read yahoo mail.

Just tested my yahoo account that I haven't touched in years. Opera 12.16 was
able to download a couple of message (old yahoo announcements), but it can
not send messages. This Mageia 4 opera package does not use oauth2.

> Currently using claws-email where possible.
> Going to be a bit upset if it is going to fail on all my gmail accounts.
>
> Noticed the above link had indicated there were auth patches for fetchmail
> so I would assume it would be a easy test to verify still worked with the
> patch installed.

If necessary, I'll change all of my online accounts (around 60 of them) to my
teksavvy.com (my isp) address which hasn't announced any intention of switching
to oauth2. If the packager agrees to make the fetchmail changes in time, that would
be much better.

My landline doesn't work for sms messages, and I don't have or want a cell phone.

Regards, Dave Hodgins

On Thu, 10 Mar 2022 22:33:54 -0500, David W. Hodgins wrote:
> On Wed, 09 Mar 2022 22:40:46 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
>
>> On Wed, 09 Mar 2022 13:19:21 -0500, David W. Hodgins wrote:
>>> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
>>>> this morning I got informed that my employer will ramp down one-time-
>>>> password OTP via SMS. We should use "microsoft authenticator" only.
>>>> So, can someone point me to a Linux (open source) alternative, which can
>>>> do the job as a two-factor one-time-password app?
>>>
>>> I have no experience with it.
>>> https://support.microsoft.com/en-us/account-billing/download-and-install-the-microsoft-authenticator-app-351498fc-850a-45da-b7b6-27e523b8702a
>>> indicates it uses the time-based one-time password (TOTP) standard.
>>>
>>> After a search on description in rpmdrake (click on the magnifying glass, select
>>> description, then do the search) for TOTP, it looks like oath-toolkit may do the
>>> job but I have no idea how to use it.
>>
>>> Regards, Dave Hodgins
>>
>> On May 30, gmail will require the 2 factor auth. Any chance you could
>> get a packager/dev to get a fetchmail 7 that can use the auth2 package.
>>
>> http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
>
> I've asked for it. https://bugs.mageia.org/show_bug.cgi?id=30146
> Hopefully the fetchmail packager will choose to take it on.
>

Thank you. I tried to log in to add me to notifications and
I am unable to login. I can not find any way to request a reset.
Any suggestions?

On Thu, 10 Mar 2022 23:34:52 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
> Thank you. I tried to log in to add me to notifications and
> I am unable to login. I can not find any way to request a reset.
> Any suggestions?

I just logged out/in with no problems. A password reset request can be done at
https://identity.mageia.org/forgot_password

Regards, Dave Hodgins

On Fri, 11 Mar 2022 00:14:13 -0500, David W. Hodgins wrote:
> On Thu, 10 Mar 2022 23:34:52 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
>> Thank you. I tried to log in to add me to notifications and
>> I am unable to login. I can not find any way to request a reset.
>> Any suggestions?
>
> I just logged out/in with no problems. A password reset request can be done at
> https://identity.mageia.org/forgot_password
>
> Regards, Dave Hodgins

It would be nice if they had a reset password link on the login page.
I would have create a bug request but I am sooo lucky.
Did the password change 3 times and none are working. :(

id/pw pasted in by mouse so not a typing problem.

On Fri, 11 Mar 2022 01:13:17 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
> It would be nice if they had a reset password link on the login page.
> I would have create a bug request but I am sooo lucky.
> Did the password change 3 times and none are working. :(
>
> id/pw pasted in by mouse so not a typing problem.

I can't do mine myself as I have some svn and git privileges, which means i need
to get a sysadmin to do it for me. It's been a long time since I was able to test
it.

IIRC, it takes a few minutes after resetting the password on identity.mageia.org
before bugzilla's password db gets synced with the ldap server.

I think most of the services that use the password use ldap, but bugilla has it's
own db that has to be synced. Try resetting the password again, but wait 10 minutes
or so after reseting it before trying it on bugzilla.

Regards, Dave Hodgins

On Fri, 11 Mar 2022 01:40:05 -0500, David W. Hodgins wrote:
> On Fri, 11 Mar 2022 01:13:17 -0500, Bit Twister <BitTwister@mouse-potato.com> wrote:
>> It would be nice if they had a reset password link on the login page.
>> I would have create a bug request but I am sooo lucky.
>> Did the password change 3 times and none are working. :(
>>
>> id/pw pasted in by mouse so not a typing problem.
>
> I can't do mine myself as I have some svn and git privileges, which means i need
> to get a sysadmin to do it for me. It's been a long time since I was able to test
> it.
>
> IIRC, it takes a few minutes after resetting the password on identity.mageia.org
> before bugzilla's password db gets synced with the ldap server.
>
> I think most of the services that use the password use ldap, but bugilla has it's
> own db that has to be synced. Try resetting the password again, but wait 10 minutes
> or so after reseting it before trying it on bugzilla.

Nope not happening, Tried the previous passwords no go.
Just tried again with new password and still fails.
My luck something is stuck and password reset is failing to go through.

On Wed, 09 Mar 2022 13:19:21 -0500 David W. Hodgins wrote:

> On Wed, 09 Mar 2022 08:02:32 -0500, Markus Robert Kessler
> <no_reply@dipl-ing-kessler.de> wrote:
>> this morning I got informed that my employer will ramp down one-time-
>> password OTP via SMS. We should use "microsoft authenticator" only.
>> So, can someone point me to a Linux (open source) alternative, which
>> can do the job as a two-factor one-time-password app?
>
> I have no experience with it.
> https://support.microsoft.com/en-us/account-billing/download-and-
install-the-microsoft-authenticator-app-351498fc-850a-45da-
b7b6-27e523b8702a
> indicates it uses the time-based one-time password (TOTP) standard.
>
> After a search on description in rpmdrake (click on the magnifying
> glass, select description, then do the search) for TOTP, it looks like
> oath-toolkit may do the job but I have no idea how to use it.
>
> Regards, Dave Hodgins

Hi Dave,

many thanks for your hint!

oathtool indeed does the job, though it was not possible to authenticate
as "microsoft authenticator". This always went wrong.
But, there is a second option for Outlook Web and Teams, "use different
authenticator", which seems to be a more generic solution, and this
method works together with oathtool.

Thanks again,
best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm

On Fri, 11 Mar 2022 10:05:47 -0500, Markus Robert Kessler <no_reply@dipl-ing-kessler.de> wrote:
> oathtool indeed does the job, though it was not possible to authenticate
> as "microsoft authenticator". This always went wrong.
> But, there is a second option for Outlook Web and Teams, "use different
> authenticator", which seems to be a more generic solution, and this
> method works together with oathtool.

Mind sharing what you have configured to get it working? Be sure to munge any
personal info.

Regards, Dave Hodgins

On Fri, 11 Mar 2022 13:28:06 -0500 David W. Hodgins wrote:

> On Fri, 11 Mar 2022 10:05:47 -0500, Markus Robert Kessler
> <no_reply@dipl-ing-kessler.de> wrote:
>> oathtool indeed does the job, though it was not possible to
>> authenticate as "microsoft authenticator". This always went wrong.
>> But, there is a second option for Outlook Web and Teams, "use different
>> authenticator", which seems to be a more generic solution, and this
>> method works together with oathtool.
>
> Mind sharing what you have configured to get it working? Be sure to
> munge any personal info.
>
> Regards, Dave Hodgins

Hi,

I just need to invoke it this way:

oathtool --totp -b 'orig.token.from.micro$oft'

It seems to be in base32-format already when decoding the qr code.

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm