[Thinlinc-technical] Multi factor auth
Peter Astrand
astrand at cendio.se
Thu Sep 5 11:20:44 CEST 2013
Hi! There are several options:
There are several One Time Password solutions, including RSA SecurID,
Yubikey, Nordic Edge/McAfee OTP server and others. However, since ThinLinc
uses a distributed architecture where clients first connect to the master
machine, then does a second connection to the target server, this means
that two authenications are necessary. So if you are using OTP solutions,
you must account for this: Either arrange for two different OTPs (for
example, pressing the Yubikey button twice), or configure the system to
allow using the same OTP twice. This can be done with, for example, a
RADIUS Token Caching Server. Some solutions, including some editions of
the Nordic Edge OTP server, has had built in support for this. But it was
a while since I looked at this.
Another common solution is of course smart cards. We have invested quite a
lot in smart card support. Basic support for smart card authentication was
added a long time ago, in version 2.0.0. In the latest version, there are
several features such as support for using the certificate subject name as
username, automatically connect when a card is inserted (and disconnect
when you pull the card), certificate filters etc. The client has built in
support for PKCS#15 cards. If you have other types of cards, it is
necessary to acquire a suitable PKCS#11 compatible middleware module, and
configure the ThinLinc Client to use that.
Regards,
Peter Astrand
On Wed, 4 Sep 2013, Leigh Porter wrote:
>
> Oops I managed to send this from the wrong account. Tut.
>
> --
> Leigh Porter
>
>
> On 4 Sep 2013, at 07:30, "Leigh Porter" <leigh at leighporter.org> wrote:
>
>> Hi all,
>>
>> What are people using for multi factor auth?
>>
>> My rays have smart cards which work well, I could do with something for thinlinc as well.
>>
>> Thanks!
>>
>> --
>> Leigh Porter
>>
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> Manage your subscription:
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> ______________________________________________________________________
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>
---
Peter Astrand ThinLinc Chief Developer
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linkoping http://facebook.com/ThinLinc
Phone: +46-13-214600 http://plus.google.com/112509906846170010689
More information about the Thinlinc-technical
mailing list