In all the tiny clusters I've managed so far I've had primitive (I think) access control by strong [sic] passwords. How practical is it for a small HPC setup to think about rolling out a two-factor, one-time-password system?
[I apologize if this might be somewhat offtopic for HPC;it could be termed a generic Linux logon problem but I couldn't find many leads in my typical linux.misc group.] I've used RSA type cards in the past for accessing larger supercomputing environments and they seem fairly secure but I suspect that kind of setup is too large (expensive, proprietary, complicated) for us. Are there any good open source alternatives? The actual time-seeded random-number generation key fobs seem pretty cheap (less than $20 a piece e.g. http://www.yubico.com/products/yubikey/ ). So the hardware is OK but I still need the backend software to tie it in to /etc/passwd or PAM or some such mechanism. The software I found was either Win-based or catered to apache or email etc. I did find VASCO and CryptoCard but am not sure they are the right fit. I looked around at open source but couldn't find much. Are other sys-admins using some form of OTP. What options do I have? Of course, I know that OTP and two-factor is not some magic bullet that makes my security watertight; but I still think its more secure than static user passwords. -- Rahul _______________________________________________ Beowulf mailing list, [email protected] sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
