Two-factor Authentication Options?
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Thu Jul 15 14:45:15 EDT 2004
Henry,
The CyberSafe TrustBroker products currently support RSA SecurID, VASCO
Digipass and SecureComputing SafeWord tokens. They also support smart
cards via PKINIT.
Thanks, Tim.
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Henry B. Hotz
Sent: 15 July 2004 19:10
To: kerberos at mit.edu
Subject: Two-factor Authentication Options?
In the long run the Kerberos password is a problem because the human
brain does not obey Moore's law. As I see it the solution is to use
some form of two-factor authentication for the initial ticket exchange.
So what options are there in that space?
AFAIK none --- with the standard open source servers. There are
patches available for MIT to support CRYPTOcard and SecurID. There
are patches available for Heimdal to support X509 certificates
(PKINIT).
Anything else out there?
While I'm on the subject, let me throw out an idea: smart card
authentication that requires an existing tgt to authenticate. The user
first gets an ordinary tgt for smith at REALM. Then (s)he uses that tgt
in conjunction with the smart card (IF details unspecified) to
acquire a tgt for either smith/secure at REALM, or smith at SECURE.REALM.
This isn't the forum to discuss a new proposal, but maybe someone knows
of something?
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos