> i think 2 factor authentication means, 2-way ssl, that is client certificate verification and ssl.

That is mutual authentication, not 2-factor. 2-factor authentication is a means by which a _user_ presents two credentials (e.g. hardware security token and password) instead of just one (password) to authenticate.

This inquiry comes at a very fortuitous time as there is a lot of work going on in this area right now. There is work at present to add support for multi-factor authentication into CAS; http://www.ja-sig.org/wiki/display/CAS/Multi-Factor+Authentication is a good page to follow for developments in this area.

As to working implementations, Unicon helped (IIRC) University of California at Berkeley to customize CAS to achieve this. Hopefully someone from Unicon will speak up here on further details.

We have achieved what we consider 2-factor auth here at Virginia Tech by setting up CAS for optional SSL/X.509 client auth using an Aladdin eToken security token containing the cert and private key. The user must possess the token (something you have) and know the private key password (something you know) to authenticate. This is relatively easy to do with CAS out of the box; I can elaborate further on the implementation if you're interested.

M
