[Thinlinc-technical] Multi factor auth
Leigh Porter
leigh.porter at ukbroadband.com
Thu Sep 5 12:15:57 CEST 2013
Thanks, what smart card readers do you have?r
Why has outlook stopped correctly formatting these followups?
Thanks,
Leigh Port
Hi! There are several options:
There are several One Time Password solutions, including RSA SecurID, Yubikey, Nordic Edge/McAfee OTP server and others. However, since ThinLinc uses a distributed architecture where clients first connect to the master machine, then does a second connection to the target server, this means that two authenications are necessary. So if you are using OTP solutions, you must account for this: Either arrange for two different OTPs (for example, pressing the Yubikey button twice), or configure the system to allow using the same OTP twice. This can be done with, for example, a RADIUS Token Caching Server. Some solutions, including some editions of the Nordic Edge OTP server, has had built in support for this. But it was a while since I looked at this.
Another common solution is of course smart cards. We have invested quite a lot in smart card support. Basic support for smart card authentication was added a long time ago, in version 2.0.0. In the latest version, there are several features such as support for using the certificate subject name as username, automatically connect when a card is inserted (and disconnect when you pull the card), certificate filters etc. The client has built in support for PKCS#15 cards. If you have other types of cards, it is necessary to acquire a suitable PKCS#11 compatible middleware module, and configure the ThinLinc Client to use that.
Regards,
Peter Astrand
On Wed, 4 Sep 2013, Leigh Porter wrote:
>
> Oops I managed to send this from the wrong account. Tut.
>
> --
> Leigh Porter
>
>
> On 4 Sep 2013, at 07:30, "Leigh Porter" <leigh at leighporter.org> wrote:
>
>> Hi all,
>>
>> What are people using for multi factor auth?
>>
>> My rays have smart cards which work well, I could do with something for thinlinc as well.
>>
>> Thanks!
>>
>> --
>> Leigh Porter
>>
>> _______________________________________________
>> Thinlinc-technical mailing list
>> Thinlinc-technical at lists.cendio.se
>> Manage your subscription:
>> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>>
>> _____________________________________________________________________
>> _ This email has been scanned by the Symantec Email Security.cloud
>> service.
>> For more information please visit http://www.symanteccloud.com
>> _____________________________________________________________________
>> _
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
>
---
Peter Astrand ThinLinc Chief Developer
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linkoping http://facebook.com/ThinLinc
Phone: +46-13-214600 http://plus.google.com/112509906846170010689
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
More information about the Thinlinc-technical
mailing list