On Tue, Mar 24, 2009 at 17:25, Robert G. Brown <[email protected]> wrote: > Doing certain classes of work one has to satisfy e.g. banking due > diligence, which tends to be stronger than ordinary cluster due > diligence. One aspect of that security (generally required, quite > independent of whether or not it really increases security) is "strong > authentication", currently held to be multifactor authentication, e.g. > SSH keys AND a one-time password, a password AND biometrics, etc. > > I've got a possible gig set up that may need this and have been > investigating the OTP devices for cost and linux capability. The cost > seems generally to be "high", and while there are a few that are > up-front linux capable, it seems to be really difficult to find a > company that will just sell you a key generator at (say) $10 a pop and > give you a matching piece of software to run on your linux server. > > There are a couple of possible exceptions to pursue in addition to the > e.g. RSA-like solutions with their enormous cost, but I thought I'd > throw it out to the group here too. Is there a straightforward low-cost > way to generate OTP's without ten thousand dollar server software > packages? > > rgb > > Robert G. Brown http://www.phy.duke.edu/~rgb/ > Duke University Dept. of Physics, Box 90305 > Durham, N.C. 27708-0305 > Phone: 1-919-660-2567 Fax: 919-660-2525 email:[email protected]
If you want to spend as little as possible: http://www.cl.cam.ac.uk/~mgk25/otpw.html And if your users don't like typing long random things in, but you still want them to use one-time credentials: http://www.yubico.com/products/yubikey/ Both can be integrated with PAM. Yubikeys go for $25 (less in quantity). Their server side software is Free Software, hosted on Google Code. http://code.google.com/u/simon75j/ _______________________________________________ Beowulf mailing list, [email protected] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
