Two-factor Authentication Options?

Henry B. Hotz hotz at jpl.nasa.gov
Thu Jul 15 15:15:45 EDT 2004


Given all the issues I didn't want to get into, maybe I shouldn't have  
mentioned SecureID.  Since I did mention it, it's good to have your  
caveat on the record.

Just trying to make sure I really know what exists.

On Jul 15, 2004, at 11:27 AM, Ken Hornstein wrote:

>> So what options are there in that space?
>>
>> AFAIK none --- with the standard open source servers.  There are
>> patches available for MIT to support CRYPTOcard and SecureID.  There
>> are patches available for Heimdal to support X509 certificates
>> (PKINIT).
>
> Just as a note: if you want to go down the token road, SecurID isn't
> a good choice, because due to the API provided you don't gain any  
> entropy
> that can be used to improve the password.  Some sites don't seem to  
> care
> about this, but you really do care about solving the crypto problem
> with passwords, it's something to think about.
>
> --Ken
>
>
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu



More information about the Kerberos mailing list