Two-factor Authentication Options?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Jul 15 14:27:46 EDT 2004
>So what options are there in that space?
>
>AFAIK none --- with the standard open source servers. There are
>patches available for MIT to support CRYPTOcard and SecureID. There
>are patches available for Heimdal to support X509 certificates
>(PKINIT).
Just as a note: if you want to go down the token road, SecurID isn't
a good choice, because due to the API provided you don't gain any entropy
that can be used to improve the password. Some sites don't seem to care
about this, but you really do care about solving the crypto problem
with passwords, it's something to think about.
--Ken
More information about the Kerberos
mailing list