Two-factor Authentication Options?
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Jul 15 15:15:45 EDT 2004
Given all the issues I didn't want to get into, maybe I shouldn't have
mentioned SecureID. Since I did mention it, it's good to have your
caveat on the record.
Just trying to make sure I really know what exists.
On Jul 15, 2004, at 11:27 AM, Ken Hornstein wrote:
>> So what options are there in that space?
>>
>> AFAIK none --- with the standard open source servers. There are
>> patches available for MIT to support CRYPTOcard and SecureID. There
>> are patches available for Heimdal to support X509 certificates
>> (PKINIT).
>
> Just as a note: if you want to go down the token road, SecurID isn't
> a good choice, because due to the API provided you don't gain any
> entropy
> that can be used to improve the password. Some sites don't seem to
> care
> about this, but you really do care about solving the crypto problem
> with passwords, it's something to think about.
>
> --Ken
>
>
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Kerberos
mailing list