I already have a working directory server doing password based LDAP login. Now I I am looking to implement two factor authentication. One way to handle this that people are fairly familiar with is ssh public key authentication through SSH. After a quick internet search I found this.... http://dev.inversepath.com/trac/openssh-lpk http://dev.inversepath.com/openssh-lpk/ldap_fosdem_2006.pdf This seems like it will work but has some drawbacks: Implementing this involves patching the SSH server. We are going to have to maintain our own patched open ssh RPM for several linux systems. What other key solutions exist? I am looking int kerb5 now. I am looking for is something that does not involve configuring two systems. LDAP configuration + second system configuration Something that has both a light footprint on the clients something compatible with SSH would be nice. Something that has a light server footprint. Something compatible with modern *nux systems. Hopefully can be done via configuration of a standard service, no/light patching. Any ideas?
