Using passwords for authentication has its caveats. Strong passwords are hard to remember, while weak ones are easily guessed. Once you have to keep track of dozens of passwords, committing them all to memory becomes unfeasible; you start writing them down (images of passwords written on post-it notes stuck to the monitor make security specialists wake up in a cold sweat), or reusing the same password for different services (even if it is a good one, recycling a password is far from ideal). Using a special application like 1Password is always an option, but some may baulk at the $50 it costs to use the version for Mac. All this makes one wonder: how do I reduce the number of passwords I need to remember without putting security in jeopardy?

Starting with version 12, Plesk comes with a number of features enabling you to log in to the panel without using passwords. Most of the authentication schemes described below are enabled by Plesk extensions. To install one of those, log in to Plesk, click Extensions in the left-hand menu, and then click Extensions Catalog. In this article I will be providing links to the Extensions Catalog website to make it easier to find the extensions I will be talking about.
Authentication Schemes in Plesk – just say No to passwords
LDAP Auth

I would like to begin with probably the least complicated authentication scheme extension on the menu today, one called LDAP Auth. It enables users to authenticate via LDAP. To make use of the extension, the client must have been created in Plesk and must not be suspended.

Once the extension has been installed, open its settings and specify the hostname and the login prefix. The following screenshot illustrates the scenario with Active Directory integration.

We are actively using this extension on Plesk boxes within the company.
Social Authorization

The next extension I’d like to talk about is called Social Auth. It enables authentication via various social networks. From the administrator’s standpoint, configuring this extension takes some effort, but the end result is worth it.

For example, let us set up an authentication scheme via the Google Account service. Note that we are not setting up integration with each and every individual service; we use the oneall.com aggregator instead. In most cases this lets us achieve the desired result much more quickly and easily. Register a oneall.com account, configure the required service (or services), and then enable authentication, specify the oneall keys, and choose the desired services in the extension settings in Plesk.

Once you have finished setting up the extension, extra buttons for logging in using the social networks will appear on the login page.

I am using this extension a lot on Plesk servers I administer that are located outside the company network.
Google Authenticator

Two-factor authentication is provided by the Google Authenticator extension.

To make use of it, you need to install the Google Authenticator application on your smartphone. Afterwards, install the extension in Plesk and enable it. To configure the extension, first scan the QR code with your smartphone.

When you try logging into the panel, you will be prompted for a verification code. Refer to the Google Authenticator application you have installed on your phone to obtain the code.
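How the verification code relates to the secret carried in the QR code, as an added example that is not Plesk's or the extension's own code: the Google Authenticator app derives codes with TOTP (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits), and a server can check them as below. The `Verifier` class, its drift window and its replay tracking are assumptions made for illustration, and the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid (authenticator app default)
DIGITS = 6   # length of the verification code


def totp(secret_b32: str, counter: int) -> str:
    """Code for one time step: RFC 4226 truncation of HMAC-SHA1(key, counter)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # QR secrets often lack padding
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check; not Plesk's implementation."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = secret_b32
        self.window = window      # steps of clock drift tolerated either way
        self.last_counter = -1    # newest step already used for a login

    def verify(self, code: str, now: float = None) -> bool:
        current = int(time.time() if now is None else now) // STEP
        ok = False
        for counter in range(max(0, current - self.window), current + self.window + 1):
            expected = totp(self.secret, counter).encode()
            # Constant-time compare; a step at or before the last accepted one is a replay.
            if hmac.compare_digest(expected, code.encode()) and counter > self.last_counter:
                ok, accepted = True, counter
        if ok:
            self.last_counter = accepted
        return ok


if __name__ == "__main__":
    # Constructed demo secret (the RFC 6238 test key), not a real account secret.
    demo = Verifier("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(demo.verify("287082", now=59), demo.verify("287082", now=59))
```

The second call returns False because a code that has already been accepted is refused, which keeps an observed code from being reused inside its 30-second lifetime.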
Plesk Utility – login command

The plesk command line utility is used to wrap other Plesk command line utilities. With

plesk login [USERNAME]

a one-time login link for the specified user will be created. If no user is specified, the link for the Plesk administrator is generated. The generated links can be used only once and become invalid 24 hours after they are generated.

Read the documentation to learn more about Plesk Utility.