[Thinlinc-technical] Multi factor auth

Peter Åstrand astrand at cendio.se
Thu Sep 5 13:59:20 CEST 2013


Most if not all smart card readers should work, assuming that the client 
OS has drivers for them. If you are running Linux on the client, you 
probably want to check out:

http://pcsclite.alioth.debian.org/ccid/supported.html

For example, I like the OMNIKEY AG CardMan 3021 
(http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x076B0x3021).

If you are going for a keyboard with built in smart card reader, we 
suggest that you choose one where the card is inserted from the top (ie 
http://pcsclite.alioth.debian.org/ccid/supported.html#0x046A0x0010) rather 
than one where the card is inserted from the side (which is the case 
with some HP keyboards).

Rgds,
Peter

On Thu, 5 Sep 2013, Leigh Porter wrote:

> 
> Thanks, what smart card readers do you have?r
>
> Why has outlook stopped correctly formatting these followups?
>
> Thanks,
> Leigh Port
>
> Hi! There are several options:
>
> There are several One Time Password solutions, including RSA SecurID, Yubikey, Nordic Edge/McAfee OTP server and others. However, since ThinLinc uses a distributed architecture where clients first connect to the master machine, then does a second connection to the target server, this means that two authenications are necessary. So if you are using OTP solutions, you must account for this: Either arrange for two different OTPs (for example, pressing the Yubikey button twice), or configure the system to allow using the same OTP twice. This can be done with, for example, a RADIUS Token Caching Server. Some solutions, including some editions of the Nordic Edge OTP server, has had built in support for this. But it was a while since I looked at this.
>
> Another common solution is of course smart cards. We have invested quite a lot in smart card support. Basic support for smart card authentication was added a long time ago, in version 2.0.0. In the latest version, there are several features such as support for using the certificate subject name as username, automatically connect when a card is inserted (and disconnect when you pull the card), certificate filters etc. The client has built in support for PKCS#15 cards. If you have other types of cards, it is necessary to acquire a suitable PKCS#11 compatible middleware module, and configure the ThinLinc Client to use that.
>
> Regards,
> Peter Astrand
>
> On Wed, 4 Sep 2013, Leigh Porter wrote:
>
>>
>> Oops I managed to send this from the wrong account. Tut.
>>
>> --
>> Leigh Porter
>>
>>
>> On 4 Sep 2013, at 07:30, "Leigh Porter" <leigh at leighporter.org> wrote:
>>
>>> Hi all,
>>>
>>> What are people using for multi factor auth?
>>>
>>> My rays have smart cards which work well, I could do with something for thinlinc as well.
>>>
>>> Thanks!
>>>
>>> --
>>> Leigh Porter
>>>
>>> _______________________________________________
>>> Thinlinc-technical mailing list
>>> Thinlinc-technical at lists.cendio.se
>>> Manage your subscription:
>>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>>
>>> _____________________________________________________________________
>>> _ This email has been scanned by the Symantec Email Security.cloud
>>> service.
>>> For more information please visit http://www.symanteccloud.com
>>> _____________________________________________________________________
>>> _
>>
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> ______________________________________________________________________
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> Manage your subscription:
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>
>
> ---
> Peter Astrand		ThinLinc Chief Developer
> Cendio AB		http://cendio.com
> Teknikringen 8		http://twitter.com/ThinLinc
> 583 30 Linkoping	http://facebook.com/ThinLinc
> Phone: +46-13-214600	http://plus.google.com/112509906846170010689
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com ______________________________________________________________________
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
>


---
Peter Astrand		ThinLinc Chief Developer
Cendio AB		http://cendio.com
Teknikringen 8		http://twitter.com/ThinLinc
583 30 Linkoping	http://facebook.com/ThinLinc
Phone: +46-13-214600	http://plus.google.com/112509906846170010689


More information about the Thinlinc-technical mailing list