[Noisebridge-discuss] Two factor auth, not SecureID
wolfprime
wolfprime at gmail.com
Thu Oct 15 22:19:54 UTC 2009
Check out the Yubikey from Yubico http://www.yubico.com/products/yubikey/
I don't have any personal experience with it, but I've heard good things and
it's very open.
-Parker
On Thu, Oct 15, 2009 at 3:17 PM, Dr. Jesus <j at hug.gs> wrote:
> On Thu, Oct 15, 2009 at 2:45 PM, Matt Peterson <matt at peterson.org> wrote:
> > (Since we have an abundant number of sysadmin/neteng/security folks
> > here, I though I'd post my question here - apologies if this is off
> > topic)
> >
> > I've been asked to setup a two-factor authorization system (not for
> > the space ;), traditionally most folks go with RSA SecureID. I'm
> > shying away for this based on horrid outsourced tech support, crufty
> > Java code (their error reporting leaves much to be desired) and above
> > market pricing.
> >
> > It looks like the recent CryptoCard "Blackshield" product is quite
> > nice - modern code <
> http://thesecondfactor.blogspot.com/2008/10/tools-of-development.html
> > >, runs under VMware <
> http://blackshield.cryptocard.com/index.php/bsid-products/bsid-overview/blackshield-new-25
> > > (ironically all these systems seem to prefer running under
> > Windows), and supports the OATH standard (in theory allowing for using
> > any standards following hardware or software token).
> >
> > My particular application is AAA against OpenSSH & Apache. It looks
> > like OpenLDAP can wired into this setup too, which would be great
> > too. My query is to see which system/tokens folks prefer in a Linux
> > environment, cost structure and support. Thanks.
>
> http://www.phonefactor.com/
>
> The Windows-based agent has RADIUS support. Point PAM at the RADIUS
> gateway and you're good to go. You can also write your own PAM module
> using their web SDK and avoid Windows entirely.
>
> The one big differentiator that phonefactor has is that it's
> tokenless, so all the usual token management hassles simply go away
> with their product. The mobile phones that are usually used as the
> "tokens" also often have some kind of location tracking these days,
> which enables features like reliable geofencing in a custom
> deployment.
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20091015/4d31b9c8/attachment-0003.html>
More information about the Noisebridge-discuss
mailing list