[Thinlinc-technical] Multi factor auth

Leigh Porter leigh.porter at ukbroadband.com
Thu Sep 5 12:15:57 CEST 2013


Thanks, what smart card readers do you have?r

Why has outlook stopped correctly formatting these followups?

Thanks,
Leigh Port

Hi! There are several options:

There are several One Time Password solutions, including RSA SecurID, Yubikey, Nordic Edge/McAfee OTP server and others. However, since ThinLinc uses a distributed architecture where clients first connect to the master machine, then does a second connection to the target server, this means that two authenications are necessary. So if you are using OTP solutions, you must account for this: Either arrange for two different OTPs (for example, pressing the Yubikey button twice), or configure the system to allow using the same OTP twice. This can be done with, for example, a RADIUS Token Caching Server. Some solutions, including some editions of the Nordic Edge OTP server, has had built in support for this. But it was a while since I looked at this.

Another common solution is of course smart cards. We have invested quite a lot in smart card support. Basic support for smart card authentication was added a long time ago, in version 2.0.0. In the latest version, there are several features such as support for using the certificate subject name as username, automatically connect when a card is inserted (and disconnect when you pull the card), certificate filters etc. The client has built in support for PKCS#15 cards. If you have other types of cards, it is necessary to acquire a suitable PKCS#11 compatible middleware module, and configure the ThinLinc Client to use that.

Regards,
Peter Astrand

On Wed, 4 Sep 2013, Leigh Porter wrote:

>
> Oops I managed to send this from the wrong account. Tut.
>
> --
> Leigh Porter
>
>
> On 4 Sep 2013, at 07:30, "Leigh Porter" <leigh at leighporter.org> wrote:
>
>> Hi all,
>>
>> What are people using for multi factor auth?
>>
>> My rays have smart cards which work well, I could do with something for thinlinc as well.
>>
>> Thanks!
>>
>> --
>> Leigh Porter
>>
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> Manage your subscription:
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>> _____________________________________________________________________
>> _ This email has been scanned by the Symantec Email Security.cloud 
>> service.
>> For more information please visit http://www.symanteccloud.com 
>> _____________________________________________________________________
>> _
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com 
> ______________________________________________________________________
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>


---
Peter Astrand		ThinLinc Chief Developer
Cendio AB		http://cendio.com
Teknikringen 8		http://twitter.com/ThinLinc
583 30 Linkoping	http://facebook.com/ThinLinc
Phone: +46-13-214600	http://plus.google.com/112509906846170010689

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________



More information about the Thinlinc-technical mailing list