On 07/18/2014 05:11:35 AM, Nico Kadel-Garcia wrote:
> On Thu, Jul 17, 2014 at 10:21 PM, Karl O. Pinc <kop@xxxxxxxx> wrote:
> > On 07/17/2014 08:33:17 PM, Nico Kadel-Garcia wrote:
> >> The Kerberos tokens are a tremendous win over this, for robust
> >> single-sign-on, for the ability to invalidate or reject keys at a
> >> central access point, and for their ease of integration with SSL and
> >> other technologies.
> >
> > FWIW, an alternative approach with similar benefits is to
> > use hardware tokens such as yubikeys. This has some
> > advantages when it comes to the social aspects involved in
> > fixing poor security practices. The hardware cost is low enough
> > that the risk/reward ratio can be good, especially as -- as
> > noted above -- dealing with people is often the hardest part.
>
> Those are different patches!!!!

Sorry, I forgot yubikey support was not integrated.
I usually get it for free either via PAM or OpenBSD.

Karl <kop@xxxxxxxx>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev