The direct_login code in RC only allows tokens to live for 10 seconds. Only the IP used to create the token through DA/2222 is allowed to use this token.Ħ) The direct_login/index.php then logs the User into RC and creates the cookies, etc.ħ) The fully tally run in dataskq will check/clear old RoundCube tokens, and old passwd_alt entries. The TOKENHASH file should be delete regardless if it worked or not. There is a 10 second window from the time in the token or the token is denied. Where the TOKENHASH file contains the encoded email,password,client IP, and creation time.Ĥ) DA outputs an auto-submitting form to /roundcube/direct_login/index.phpĥ) The direct_login/index.php reads in the TOKENHASH to ensure it's all correct. var/www/html/roundcube/direct_login/tokens/TOKENHASH With only the created timestamp as additional information, as the is only used as the dovecot passdb, not the user info (which still uses the passwd file)ģ) DA also creates a token file for the RoundCube login: Requires CustomBuild build script at least rev 2148.ġ) When the "Login" URL is clicked for the given email account, a javascript function will post This user and a new random crypted pass is setup in /etc/virtual//passwd_alt, eg:įred:$1$5jhn5mhn$q8oyAqlkAYXd7KJlSRqlY.::::::created=1566594254
directadmin set one_click_webmail_login 1 New feature, found on the E-Mail Accounts page of the User Level, where the "Login" column will show extra characters (arrow and letter) to signify that the one-click login method is enabled.īy default it's disabled (for now), with the internal default being: NOTE: RoundCube 1.3.10 requires version 0.2 of the direct_login module.
UPDATE: Please follow this guide to enable this feature:
0 kommentar(er)
