We use SECURID here. It works great on 32-bit RedHat Enterprise Linux servers (3, 4, and 5), but not on Redhat Entrprise Linux 5 64 bit servers. RSA support told me it wasn't supported on RHEL 5 at all.
I haven't tried it on other distros. Keith Deterling [email protected] Advisory IT Specialist Unix & Intel Server Services - IBM Account IBM Global Services - Americas Service Delivery – Server Systems Operation Team Essex, Junction, VT 05242 – Bldg. 967 – 1C2009 Tie-Line 8-446-3535 or (802) 769-3535 Fax: (802)-769-4253 (T/L: 8-446-4253) From: Paul Flint <[email protected]> To: [email protected] Date: 10/20/2010 02:00 PM Subject: Re: Interest in One-Time Password tokens? Sent by: Vermont Area Group of Unix Enthusiasts <[email protected]> Greetings, Ah the "one time pad" remember Venona (http://en.wikipedia.org/wiki/Venona_project) This gizmo does indeed sound cool. Far better than the SecureID system. Regards, Paul On Wed, 20 Oct 2010, William Stearns wrote: > Date: Wed, 20 Oct 2010 12:07:10 -0400 > From: William Stearns <[email protected]> > Reply-To: Vermont Area Group of Unix Enthusiasts <[email protected]> > To: [email protected] > Subject: Re: Interest in One-Time Password tokens? > > Good morning, Josh, > > On Tue, 19 Oct 2010, Josh Sled wrote: > >> William Stearns <[email protected]> writes: >>> I'll place an order before the end of October to get them here >>> before November meetings. >> >> As a quick note (and more complete and formal notice will be >> forthcoming): the November VAGUE meeting will be on Wednesday, November >> 10th. > > Perfect - they'll be in before then. > >>> This OTP device looks like an even smaller version of a thumb >>> drive, and also plugs into a USB port. When you press the sole button >>> on the top it acts like a USB keyboard and spits out a single-use 44 >> >> Why couldn't this be provided by free software on my phone? >> >> Of course, a $30 keychain token is much less expensive than a >> new smartphone plus the required cell phone and data plans, >> but we're converging that way anyways? > > It can! > I'm always a fan of fewer devices doing more tasks, and there's > certainly OTP software available for multiple platforms and the iPhone (App > Store/mOTP; not tried it yet). > > A decade of teaching for a security training firm has drilled, among > other concepts, the idea that security devices should be _isolated_. Separate > physical systems, separate VM's, separate network segments, few or no > services to access them, etc. In this case, the Yubikey gives that isolation > quite handily. > The AES key it holds _can't_ come out of the key. At all. Ever. I > can load a new one into it with some customization software, but it's never > coming out. > Cheers, > - Bill > > --------------------------------------------------------------------------- > "I give up, how DO you keep a mathematician busy for 350 years?" > -- Pierre de Fermat's friend > (Courtesy of Tim Connors <[email protected]>) > -------------------------------------------------------------------------- > William Stearns ([email protected], tools and papers: www.stearns.org) > Top-notch computer security training at www.sans.org , www.giac.net > -------------------------------------------------------------------------- > Kindest Regards, Paul Flint (802) 479-2360 /************************************ Based upon email reliability concerns, please send an acknowledgment in response to this note. Paul Flint Barre Open Systems Institute 17 Averill Street Barre, VT 05641 http://www.bosivt.org http://www.flint.com/home skype: flintinfotech Work: (202) 537-0480 Consilium _ gratuitum .~. ASCII ribbon campaign ( ) valet /V\ against HTML e-mail X quanti /( )\ www.asciiribbon.org / \ numerantur ^^-^^
