On Wed, Jan 31, 2007 at 08:42:43AM -0600, Douglas E. Engert wrote:
> What keeps a user from copying the identity token from the USB
> device to a local or shared file system to avoid having to insert
> the USB device all the time?
>
> What are the security implications if the identity token is
> stolen?
>
> How does this compare to using cert and key on the USB
> device with PKINIT rather than your identity token?
>
> How does this compare to using a smart card or USB equivalent
> of a smartcard with PKINIT? To the user they still have to insert
> the card or USB device, and have to enter a pin or password?

You're correct -- softtokens aren't a replacement for real smartcards.
That doesn't stop a softtoken from being useful though. Compare
softtokens to passphrase-protected ssh private key files in users' home
directories :)

Nico
--
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos