[Thinlinc-technical] Multi factor auth

Peter Astrand astrand at cendio.se
Thu Sep 5 11:20:44 CEST 2013


Hi! There are several options:

There are several One Time Password solutions, including RSA SecurID, 
Yubikey, Nordic Edge/McAfee OTP server and others. However, since ThinLinc 
uses a distributed architecture where clients first connect to the master 
machine, then does a second connection to the target server, this means 
that two authenications are necessary. So if you are using OTP solutions, 
you must account for this: Either arrange for two different OTPs (for 
example, pressing the Yubikey button twice), or configure the system to 
allow using the same OTP twice. This can be done with, for example, a 
RADIUS Token Caching Server. Some solutions, including some editions of 
the Nordic Edge OTP server, has had built in support for this. But it was 
a while since I looked at this.

Another common solution is of course smart cards. We have invested quite a 
lot in smart card support. Basic support for smart card authentication was 
added a long time ago, in version 2.0.0. In the latest version, there are 
several features such as support for using the certificate subject name as 
username, automatically connect when a card is inserted (and disconnect 
when you pull the card), certificate filters etc. The client has built in 
support for PKCS#15 cards. If you have other types of cards, it is 
necessary to acquire a suitable PKCS#11 compatible middleware module, and 
configure the ThinLinc Client to use that.

Regards,
Peter Astrand

On Wed, 4 Sep 2013, Leigh Porter wrote:

>
> Oops I managed to send this from the wrong account. Tut.
>
> -- 
> Leigh Porter
>
>
> On 4 Sep 2013, at 07:30, "Leigh Porter" <leigh at leighporter.org> wrote:
>
>> Hi all,
>>
>> What are people using for multi factor auth?
>>
>> My rays have smart cards which work well, I could do with something for thinlinc as well.
>>
>> Thanks!
>>
>> --
>> Leigh Porter
>>
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> Manage your subscription:
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> ______________________________________________________________________
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>


---
Peter Astrand		ThinLinc Chief Developer
Cendio AB		http://cendio.com
Teknikringen 8		http://twitter.com/ThinLinc
583 30 Linkoping	http://facebook.com/ThinLinc
Phone: +46-13-214600	http://plus.google.com/112509906846170010689


More information about the Thinlinc-technical mailing list