This plugin adds the user’s e-mail account as a second authentication factor.
After logging in through another authentication module, a one-time code will be generated by the portal and sent to the user’s e-mail address. The user will be prompted for this code in order to finish the login process.
Attention
This plugin will only improve security in situations where the user’s email is not protected by the same password used to login on LemonLDAP::NG. And of course, if the user’s email account is also protected by LemonLDAP::NG, they will not be able to open their mailbox to find out their one-time code.
Before configuring this module, make sure the user’s email address is
correctly fetched from your UserDB plugin and appears in the session
browser. If you want to store the user e-mail in a different session
field than mail
, go to “General Parameters » Advanced parameters »
SMTP” and set the “Session key containing mail address” parameter.
All parameters are configured in “General Parameters » Second factors » Mail second factor”.
On
to activate this module. If a user does
not have an email address, they will encounter an error on login. If
you want to use this plugin only for users who have an email address,
use $mail
(or whatever your e-mail session key is) as the
activation rule.mail_2fcode
HTML template
will be used. The one-time code is stored in the $code
variable