Admin and other security access


I was wondering whether we may already have or will have some of following security methods which are used by to safeguard our MIAB, its ADMIN/DNS section and if possible, email/cloud with 2-factor as well.


Cybercriminals Seized Control of Brazilian Bank for 5 Hours

Security features from

Access Control Lists (ACLs), Event notifications and 2-factor authentication.

  • security information

Click to find out what this section means
Previous Login: April 24, 2017 - 05:58 PM EDT
Current Login From: 145.555.55.5.5

  • 2-Factor Authentication (sms ,email)

2-Factor authentication allows you to add a second authentication challenge to your login.
This will add 2-Factor authentication for ALL logins unless you specify:

from outside your ACL, or
outside your permitted countries
IMPORTANT TO NOTE: If you get LOCKED OUT OF YOUR ACCOUNT because your 2nd factor is lost, compromised or unavailable, the only way to re-instate access it by supplying the answers to your secret questions.
  • Access Control List view | edit

An ACL (Access Control List) allows you to limit access to your account based on the network location.

  • Failed Login Attempts view | clear

Country Based Login Restrictions view | edit

Login restrictions provide an additional layer of security for users by limiting which countries (as reported by GeoIP) a login request can originate from. Login restrictions will prevent access from any country not provided in the list below. This follows the filtering already available in your accounts ACL restrictions.

  • Activity Notifications edit

Domain lock status changes:
Whois modifications:
Nameserver delegations:
DNS updates:
Login Attempts Exceeded:
Delivery method:
Destination address:

  • security information: I am open to adding more info to log files but someone will have to do the work to make it happen.

  • 2-Factor Authentication: I would like to do this but it is hard, same as above.

  • limit access to your account based on the network location: I am open to adding this as an advanced configuration, but someone will have to do the work to make it happen.

  • Failed Login Attempts: I am open to adding more info to log files but someone will have to do the work to make it happen.

  • Country Based Login Restrictions: No.

  • Activity Notifications: I am open to adding this as an advanced configuration, but someone will have to do the work to make it happen.

1 Like

From the full list, 2FA is certainly the most valuable. Unfortunately it is also the one that requires most work. LinOTP would indeed be the best candidate.

Just found out that KDE neon has another way of Two-Factor authenticationi, just a FYI.

Enable/Disable Two-Factor Authentication for kde neon

	KDE Identity supports two-factor authentication to protect your 

Identity account against unauthorized access. Please store a copy of the
security grid for future login attempts by printing or saving a copy of

	Two factor authentication is a method where you protect your login 

with an additional step. KDE has chosen to do this based on a
grid-challenge. The idea is that you combine ‘something that you know’,
with ‘something you got’. The first one is your password, the second is
the grid shown below. The grid used by each person is individual and

	When you try to login into, we will ask for your 

username and password as usual, and after that we will ask for a
coordinate from the grid below, for example D10. You look in the grid,
select column D and row 10. Then you enter the 4 characters you find

	The advantage of all this is that if your password is compromised, 

people cannot login to KDE Identity using your account, because they
don’t have access to your grid. On the other hand, if someone gets to
your grid, they can not access, because they don’t have
your password.


2 Factor authentication is easy with Google Authenticator and Googles server script.

1 Like

Is it possible to give privacyidea a shot

I just read about this for nextcloud a well

Still reading the docs and I see that the authentication in dovecot can work via PAM

1 Like

@jege - What are you talking about? Google Authenticator for 2FA takes 5 minutes to setup… I guess another 30 minutes or so to configure the installer to do an Admin 2FA setup? Which google also has a script for…

1 Like

Great! Look like we have a super coder around! If connecting thru Google or Facebook APIs (some would consider you mad given the loss of privacy/anonimity) is so easy for you, go ahead. It takes you less than 1H? Even better: do a pull request, implement, and send it back in 2 hrs. Please help us and Josh implement it in MIAB in a way that is well tested.

Google Authenticator can be completely disconnected from google’s API though. And hell no on that FB API. The whole reason I am using MIAB is to guard against similar shit that they do. lol I am not saying I am a “super coder”, and I would do the pull request, however, I am currently working on too many projects of my own ( see my site if you would like.

That being said, It wouldn’t be the first time I have done an “add-on” for MIAB I also wrote a quick and dirty external registrator and authentication tool for PHP, as well as a mod to allow MIAB to become a hyper-visor.

I am sorry if I offended, that was not my intention, was just trying to point out a solution that should be simple for someone to implement.

Sorry for the late reply, just got father with a healthy baby boy around that time.
After sleepless nights I try to crawl back to online stuff.

The reason why I suggested privacy idea was with the intention not using external API stuff like Google or FB.
Secondly I have set this up with Nextcloud for some neighbourhood schools and I am extremely happy not relying on Google or FB.

Maybe I misunderstood the idea behind this project but I looked for something self hosted and thought privacy idea kind of fit the 2FA stuff.

+1 for 2-Factor Authentication

Appreciate that this won’t be included for a while, if at all, due to the effort/time required. Just wanted to help with prioritisation :slight_smile:

+1 Google Authenticator.

One can use any app that utilises GA i.e. it’s not dependent on Google infrastructure (or even existence!).

I use Authy for example.