From cf310835956b3548aacbef8088c18f20e542e69d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Thu, 7 Apr 2016 14:15:58 +0200 Subject: --- tracker/CSP_too_strict.mdwn | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 tracker/CSP_too_strict.mdwn (limited to 'tracker') diff --git a/tracker/CSP_too_strict.mdwn b/tracker/CSP_too_strict.mdwn new file mode 100644 index 0000000..c195584 --- /dev/null +++ b/tracker/CSP_too_strict.mdwn @@ -0,0 +1,11 @@ +On firefox 45, remote images are not shown in the webmail because of the CSP: + +``` +Content Security Policy: The page's settings blocked the loading of a resource at https://sendy.nitrokey.com/uploads/1431348652.png ("img-src https://mail.fripost.org"). +``` + +Oh wait, that's weird: it seems to block data-urls too: + +``` +Content Security Policy: The page's settings blocked the loading of a resource at data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== ("img-src https://mail.fripost.org"). +``` -- cgit v1.2.3 From 6e522954ae04a1a0efff0bfd4952cefedeea30d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Thu, 7 Apr 2016 14:18:42 +0200 Subject: --- tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn (limited to 'tracker') diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn b/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn new file mode 100644 index 0000000..6e57bb6 --- /dev/null +++ b/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn @@ -0,0 +1,7 @@ +Still in firefox 45, I found this in the console on roundcube: + +``` +Public-Key-Pins: The certificate used by the site was not issued by a certificate in the default root certificate store. To prevent accidental breakage, the specified header was ignored. +``` + +I'm not sure why as Firefox does accept Let's Encrypt certificates otherwise... -- cgit v1.2.3 
From 49504f2d0e8bfb55f72ca9d29bb3ab29810e182a Mon Sep 17 00:00:00 2001 From: guilhem Date: Thu, 7 Apr 2016 18:32:37 +0200 Subject: Added a comment: Unreproducible here (Firefox ESR 45.0.1) --- ...ent_1_b4a4c48337c46bc9f2435fe6df8b382e._comment | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 tracker/Public-Key-Pins_not_accepted_by_firefox/comment_1_b4a4c48337c46bc9f2435fe6df8b382e._comment (limited to 'tracker') diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_1_b4a4c48337c46bc9f2435fe6df8b382e._comment b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_1_b4a4c48337c46bc9f2435fe6df8b382e._comment new file mode 100644 index 0000000..6a15cd2 --- /dev/null +++ b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_1_b4a4c48337c46bc9f2435fe6df8b382e._comment 
@@ -0,0 +1,33 @@ +[[!comment format=mdwn + username="guilhem" + avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="Unreproducible here (Firefox ESR 45.0.1)" + date="2016-04-07T16:32:37Z" + content=""" +Keys are properly pinned here + + 1. Close the browser + 2. Remove all mentions of `fripost.org` in `~/.mozilla/firefox//SiteSecurityServiceState.txt`: + + ~$ sed -i -r '/^(\S+\.)?fripost\.org:/d' ~/.mozilla/firefox//SiteSecurityServiceState.txt + + 3. Start the browser (without HSTS or HPKP knowledge for `fripost.org` or any of its subdomains) + 4. Open `https://mail.fripost.org/` in a new tab + 5. (After waiting a few seconds to let firefox flush the data.) The + HSTS policy and the two pins appear in the file: + + ~$ grep -E '^(\S+\.)?fripost\.org:' ~/.mozilla/firefox//SiteSecurityServiceState.txt + mail.fripost.org:HSTS 0 16898 1475812232563,1,1 + mail.fripost.org:HPKP 0 16898 1460047832565,1,0,SHfniMEapxeYo5YT/2jP+n+WstNaYghDMhZUadLlPDk=/Tt92H3ZkfEW1/AOCoGVm1TxZl7u4c+tIBnuvAc7d5w= + + There is no warning in the log, either. + +The root CA (*DST Root CA X3*) appear in Firefox's CA store as a \"Builtin Object Token\", while the intermediate CA (*Let's Encrypt Authority X3*) is supplied by the server and automatically stored by Firefox as a \"Software Security Device\". + +Do you have default settings for the `security.cert_pinning.*` [tunables](https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning)? + + security.cert_pinning.enforcement_level = 1 + security.cert_pinning.process_headers_from_non_builtin_roots = false + +Please also verify that you have no weird non-default tunables for `security.*`. +"""]] -- cgit v1.2.3 From 8ca6c89b6f0148ce0f320e7c784e2c1bee929ad1 Mon Sep 17 00:00:00 2001 From: guilhem Date: Thu, 7 Apr 2016 19:20:07 +0200 Subject: done --- tracker/CSP_too_strict.mdwn | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tracker') 
diff --git a/tracker/CSP_too_strict.mdwn b/tracker/CSP_too_strict.mdwn index c195584..2b27eff 100644 --- a/tracker/CSP_too_strict.mdwn +++ b/tracker/CSP_too_strict.mdwn @@ -9,3 +9,6 @@ Oh wait, that's weird: it seems to block data-urls too: ``` Content Security Policy: The page's settings blocked the loading of a resource at data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== ("img-src https://mail.fripost.org"). ``` + +I'm not excited about allowing browsers to load images from arbitrary sources, but hopefully roundcube's anti-XSS filter is good enough. I've also checked with the [Email Privacy Tester](https://emailprivacytester.com/) +that other external ressources blocked by the CSP are probably malicious. Let's call that [done](https://git.fripost.org/fripost-ansible/commit/?id=c90ae1fe9d40a0271844d321a7a54ee219735ccf). -- [[guilhem]] -- cgit v1.2.3 From e53be466f921b89ef475543434fafa5e9d89c3de Mon Sep 17 00:00:00 2001 From: guilhem Date: Thu, 7 Apr 2016 19:28:18 +0200 Subject: really close --- tracker/CSP_too_strict.mdwn | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tracker') diff --git a/tracker/CSP_too_strict.mdwn b/tracker/CSP_too_strict.mdwn index 2b27eff..308754d 100644 --- a/tracker/CSP_too_strict.mdwn +++ b/tracker/CSP_too_strict.mdwn 
@@ -10,5 +10,6 @@ Oh wait, that's weird: it seems to block data-urls too: Content Security Policy: The page's settings blocked the loading of a resource at data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== ("img-src https://mail.fripost.org"). ``` -I'm not excited about allowing browsers to load images from arbitrary sources, but hopefully roundcube's anti-XSS filter is good enough. I've also checked with the [Email Privacy Tester](https://emailprivacytester.com/) -that other external ressources blocked by the CSP are probably malicious. Let's call that [done](https://git.fripost.org/fripost-ansible/commit/?id=c90ae1fe9d40a0271844d321a7a54ee219735ccf). -- [[guilhem]] +I'm not too excited about allowing browsers to load images from arbitrary sources, but [did it anyway](https://git.fripost.org/fripost-ansible/commit/?id=c90ae1fe9d40a0271844d321a7a54ee219735ccf) with the hope that roundcube's anti-XSS filter is good enough. +I've also checked with the [Email Privacy Tester](https://emailprivacytester.com/) that other external resources blocked by the CSP are probably malicious. +[[closed]]. -- [[guilhem]] -- cgit v1.2.3 From d1ff296b501420dde7c8f4f7d1d6a0b6433304c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 8 Apr 2016 11:50:11 +0200 Subject: Added a comment: Still a problem with http urls --- .../comment_2_4156da3309262dc53fff06dbbbcbb30c._comment | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment (limited to 'tracker') diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment new file mode 100644 index 0000000..ce90b13 --- /dev/null +++ b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment 
@@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="Still a problem with http urls" + date="2016-04-08T09:50:11Z" + content=""" +Now some of the images work but not all. According to Firefox' console, http URLs are upgraded to https which may not work all the time. + +I don't know if it is possible but a better way to do this may be to use roundcube as a proxy for images and other inline content? +"""]] -- cgit v1.2.3 From 2048df04b79c9af07287d99ee7d627dd32d9849c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 8 Apr 2016 14:06:10 +0200 Subject: =?UTF-8?q?Move=20Gr=C3=A9goire's=20comment=20to=20the=20right=20t?= =?UTF-8?q?icket.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../comment_1_4156da3309262dc53fff06dbbbcbb30c._comment | 10 ++++++++++ .../comment_2_4156da3309262dc53fff06dbbbcbb30c._comment | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment delete mode 100644 tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment (limited to 'tracker') diff --git a/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment new file mode 100644 index 0000000..ce90b13 --- /dev/null +++ b/tracker/CSP_too_strict/comment_1_4156da3309262dc53fff06dbbbcbb30c._comment 
@@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="Still a problem with http urls" + date="2016-04-08T09:50:11Z" + content=""" +Now some of the images work but not all. According to Firefox' console, http URLs are upgraded to https which may not work all the time. + +I don't know if it is possible but a better way to do this may be to use roundcube as a proxy for images and other inline content? +"""]] diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment deleted file mode 100644 index ce90b13..0000000 --- a/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_4156da3309262dc53fff06dbbbcbb30c._comment +++ /dev/null @@ -1,10 +0,0 @@ -[[!comment format=mdwn - username="Grégoire" - avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" - subject="Still a problem with http urls" - date="2016-04-08T09:50:11Z" - content=""" -Now some of the images work but not all. According to Firefox' console, http URLs are upgraded to https which may not work all the time. - -I don't know if it is possible but a better way to do this may be to use roundcube as a proxy for images and other inline content? -"""]] -- cgit v1.2.3 From f6343eda1e951a5ea2b0e62f2ffc75fc825e8448 Mon Sep 17 00:00:00 2001 From: guilhem Date: Fri, 8 Apr 2016 14:14:46 +0200 Subject: Added a comment: Further weakened the Content-Security-Policy --- .../comment_2_01c8f3bc631f9ddecb109455233d6f09._comment | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment (limited to 'tracker') 
diff --git a/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment new file mode 100644 index 0000000..c6df409 --- /dev/null +++ b/tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="guilhem" + avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="Further weakened the Content-Security-Policy" + date="2016-04-08T12:14:46Z" + content=""" +Alright, just [removed](https://git.fripost.org/fripost-ansible/commit/?id=e370313ad5895871479fffc922e3c72c0375dbf2) [`upgrade-insecure-requests`](https://www.w3.org/TR/upgrade-insecure-requests/#upgrade-insecure-requests) and [`block-all-mixed-content`](https://www.w3.org/TR/mixed-content/#block_all_mixed_content) from the CSP. Again, with the hope that Roundcube's built-in filter is tight enough by default… +"""]] -- cgit v1.2.3 From d4c69bf473d62e8966d58dd3b174fda7037bc065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 8 Apr 2016 15:00:11 +0200 Subject: Added a comment: Whoops, not your fault ;-) --- .../comment_2_1f3c32a22218d2a016f0bf97cc3f04b8._comment | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_1f3c32a22218d2a016f0bf97cc3f04b8._comment (limited to 'tracker') diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_1f3c32a22218d2a016f0bf97cc3f04b8._comment b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_1f3c32a22218d2a016f0bf97cc3f04b8._comment new file mode 100644 index 0000000..85e2da6 --- /dev/null +++ b/tracker/Public-Key-Pins_not_accepted_by_firefox/comment_2_1f3c32a22218d2a016f0bf97cc3f04b8._comment 
@@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="Whoops, not your fault ;-)" + date="2016-04-08T13:00:11Z" + content=""" +I looked into it a bit more and it seems that it's a bug in Firefox in fedora (something to do with the nss library being different). + +Sorry about the noise. +"""]] -- cgit v1.2.3 From c0f24b29dba8032f0ce24a063c7841fd97de473a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 8 Apr 2016 15:00:50 +0200 Subject: --- tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tracker') diff --git a/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn b/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn index 6e57bb6..d7245cc 100644 --- a/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn +++ b/tracker/Public-Key-Pins_not_accepted_by_firefox.mdwn @@ -5,3 +5,5 @@ Public-Key-Pins: The certificate used by the site was not issued by a certificat ``` I'm not sure why as Firefox does accept Let's Encrypt certificates otherwise... + +[[closed]] -- cgit v1.2.3 From e44933421b356db9a49fe73be7ff661bb5bab364 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 8 Apr 2016 15:30:16 +0200 Subject: Added a comment --- .../comment_3_d0893142a031072c638d1e36b17aefe3._comment | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment (limited to 'tracker') diff --git a/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment new file mode 100644 index 0000000..3c53e3c --- /dev/null +++ b/tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment 
@@ -0,0 +1,12 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="comment 3" + date="2016-04-08T13:30:16Z" + content=""" +I understand your frustration... + +I found that someone openned an related issue agains Roundcube about this almost exactly 2 years ago: [Image proxy #5099](https://github.com/roundcube/roundcubemail/issues/5099). It doesn't seem to be considered high prirority and I can understand as it's probably not an easy thing to get right. + +An other interesting way to fix this would be to have at tool that inlines all the images in an email (turn the remote images into data urls) which you would run on all incomming messages (maybe using sieve?). The only problem is that it might considerably blow-up the size of your mailboxes but given the benefits, it might be worth a try. +"""]] -- cgit v1.2.3 From c62cbdde592f740cdc409ba9e59e49a7ddc5feca Mon Sep 17 00:00:00 2001 From: guilhem Date: Fri, 8 Apr 2016 15:39:39 +0200 Subject: Added a comment --- .../comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment (limited to 'tracker') diff --git a/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment new file mode 100644 index 0000000..144ef97 --- /dev/null +++ b/tracker/CSP_too_strict/comment_4_b794220c7ed0f1b16daf3dd2970644d8._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="guilhem" + avatar="https://seccdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="comment 4" + date="2016-04-08T13:39:39Z" + content=""" +Would be nice to have such proxy, indeed. Beside the mailbox overhead, another downside of the sieve hack is that this would invalidate all integrity checking such as DKIM or OpenPGP. +"""]] -- cgit v1.2.3 
From 7a6d444219ba6b3a42fece459414cc715db0a339 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 22 May 2016 02:39:20 +0200 Subject: Change link formats from [[link|url]] to [link](url). --- ...r_certificates_for_lists.f.o__044___wiki.f.o__044___and_git.f.o.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tracker') diff --git a/tracker/use_proper_certificates_for_lists.f.o__044___wiki.f.o__044___and_git.f.o.mdwn b/tracker/use_proper_certificates_for_lists.f.o__044___wiki.f.o__044___and_git.f.o.mdwn index 042a2d0..03a6f3d 100644 --- a/tracker/use_proper_certificates_for_lists.f.o__044___wiki.f.o__044___and_git.f.o.mdwn +++ b/tracker/use_proper_certificates_for_lists.f.o__044___wiki.f.o__044___and_git.f.o.mdwn @@ -1,3 +1,3 @@ Maybe a certificate signed by [CAcert](https://wiki.cacert.org/) would be enough (unless the wiki is gonna be used to power the site...) -[[Done]]. The certificates of [[our public services|https://fripost.org/certs/]] are now all issued by [[Let's Encrypt|https://letsencrypt.org]]. +[[Done]]. The certificates of [our public services](https://fripost.org/certs/) are now all issued by [Let's Encrypt](https://letsencrypt.org). -- cgit v1.2.3 From 4312f837ddd589ef5cc81443d46f916e553c09da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 16 Dec 2016 13:03:52 +0100 Subject: Added a comment: Ping --- .../comment_1_ae7383a784c52817db9238cd08d1847e._comment | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 tracker/Install_keyboard_shortcuts_on_roundcube/comment_1_ae7383a784c52817db9238cd08d1847e._comment (limited to 'tracker') diff --git a/tracker/Install_keyboard_shortcuts_on_roundcube/comment_1_ae7383a784c52817db9238cd08d1847e._comment b/tracker/Install_keyboard_shortcuts_on_roundcube/comment_1_ae7383a784c52817db9238cd08d1847e._comment new file mode 100644 index 0000000..26adcd6 --- /dev/null 
+++ b/tracker/Install_keyboard_shortcuts_on_roundcube/comment_1_ae7383a784c52817db9238cd08d1847e._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="Grégoire" + avatar="https://seccdn.libravatar.org/avatar/5ed039572e7af206cbc97a7c59dcb0ad" + subject="Ping" + date="2016-12-16T12:03:52Z" + content=""" +😉 +"""]] -- cgit v1.2.3 From 779a0449677dc6617e06b7f9869e8236ebc4ad93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire?= Date: Fri, 16 Dec 2016 13:27:25 +0100 Subject: --- ...t_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tracker/Allow_fripost_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn (limited to 'tracker') diff --git a/tracker/Allow_fripost_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn b/tracker/Allow_fripost_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn new file mode 100644 index 0000000..43481a8 --- /dev/null +++ b/tracker/Allow_fripost_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn @@ -0,0 +1,3 @@ +Right now, it supports using google, yahoo and other companies (is anyone still using AOL???) but not fripost. + +I don't know if ikiwiki supports ldap but it seems to support OpenID so a way to implement this could be to have an openid identity provider at fripost. -- cgit v1.2.3
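Review bot: In tracker/Public-Key-Pins_not_accepted_by_firefox/comment_1_b4a4c48337c46bc9f2435fe6df8b382e._comment, the path `~/.mozilla/firefox//SiteSecurityServiceState.txt` in step 2 and in the `sed` and `grep` commands has an empty component where the profile directory belongs, so as written it points at the directory above the profiles. Put an explicit placeholder for the profile directory there, in a form that survives markdown rendering, and say that the reader must substitute it. Separately, "The root CA (...) appear in Firefox's CA store" should read "appears".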
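Review bot: The closing paragraph added to tracker/CSP_too_strict.mdwn (hunk `@@ -10,5 +10,6 @@`) says images may now load from arbitrary sources but does not say whether `data:` URLs, the second blocked case quoted just above it, are covered as well. Quote the new `img-src` value next to the two console messages, which still show `img-src https://mail.fripost.org`, so the ticket records the before and after without the reader having to follow the commit link.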
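Review bot: The comment body in tracker/CSP_too_strict/comment_2_01c8f3bc631f9ddecb109455233d6f09._comment names the two directives that were removed but not what is left of the policy, nor what now happens to the http image URLs raised in the previous comment. Add a sentence stating that those URLs are no longer upgraded to https, and list the directives that remain, since the subject line already calls this a further weakening and the ticket body was marked `[[closed]]` before this change.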
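Review bot: Spelling in the content of tracker/CSP_too_strict/comment_3_d0893142a031072c638d1e36b17aefe3._comment needs a pass: "openned an related issue agains" should be "opened a related issue against", "prirority" should be "priority", "An other" should be "Another", "at tool" should be "a tool", "incomming" should be "incoming", and "blow-up the size" should be "blow up the size".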
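Review bot: The first sentence of tracker/Allow_fripost_members_to_log_into_the_wiki_using_their_fripost_credentials.mdwn opens with "it supports", and only the file name tells the reader that "it" is the wiki login. Name the wiki login in the body so the ticket reads on its own, and write "LDAP" and "OpenID" with consistent capitalisation ("ldap" and "openid" appear in lower case in the second paragraph).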