[Beowulf] One time password generators...
billycrook at gmail.com
Tue Mar 24 15:42:21 PDT 2009
On Tue, Mar 24, 2009 at 17:25, Robert G. Brown <rgb at phy.duke.edu> wrote:
> Doing certain classes of work one has to satisfy e.g. banking due
> diligence, which tends to be stronger than ordinary cluster due
> diligence. One aspect of that security (generally required, quite
> independent of whether or not it really increases security) is "strong
> authentication", currently held to be multifactor authentication, e.g.
> SSH keys AND a one-time password, a password AND biometrics, etc.
> I've got a possible gig set up that may need this and have been
> investigating the OTP devices for cost and linux capability. The cost
> seems generally to be "high", and while there are a few that are
> up-front linux capable, it seems to be really difficult to find a
> company that will just sell you a key generator at (say) $10 a pop and
> give you a matching piece of software to run on your linux server.
> There are a couple of possible exceptions to pursue in addition to the
> e.g. RSA-like solutions with their enormous cost, but I thought I'd
> throw it out to the group here too. Is there a straightforward low-cost
> way to generate OTP's without ten thousand dollar server software
> Robert G. Brown http://www.phy.duke.edu/~rgb/
> Duke University Dept. of Physics, Box 90305
> Durham, N.C. 27708-0305
> Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
If you want to spend as little as possible:
And if your users don't like typing long random things in, but you
still want them to use one-time credentials:
Both can be integrated with PAM. Yubikeys go for $25 (less in
quantity). Their server side software is Free Software, hosted on
Google Code. http://code.google.com/u/simon75j/
More information about the Beowulf