But then private keys are stored unencrypted what does not fulfill
security requirements/concerns of some institutions.
Lukasz
On 4/20/11 12:31 PM, Jim Basney wrote:
Use 'myproxy-init -n' to store the proxy, then myproxy-logon will
require PAM/OTP but not a credential passphrase.
On 4/20/11 1:29 PM, Lukasz Lacinski wrote:
Hi,
Is any way to force MyProxy to work with PAM required and OTP?
When using myproxy-init to store my proxy credential I have to supply a
passphrase to encrypt a private key. Then using myproxy-logon to obtain
a new proxy credential I have to supply that passphrase to decrypt the
private key. Because of the way PAM support is implemented in MyProxy,
the passphrase is used to authenticate against PAM which expects a
current OTP from my CryptoCard. The PAM authentication fails.
How to use myproxy-init and myproxy-logon with MyProxy server using PAM
and OTP?
Redards,
Lukasz
