Re: GSSAPI

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 07/18/2014 05:11:35 AM, Nico Kadel-Garcia wrote:
> On Thu, Jul 17, 2014 at 10:21 PM, Karl O. Pinc <kop@xxxxxxxx> wrote:
> > On 07/17/2014 08:33:17 PM, Nico Kadel-Garcia wrote:

> >> The Kerberos tokens are a tremendous win over this, for robust
> >> single-sign-on, for the ability to invalidate or reject keys at a
> >> central access point, and for their ease of integration with SSL
> and
> >> other technologies.
> >
> > FWIW, an alternative approach with similar benefits is to
> > use hardware tokens such as yubikeys.  This has some
> > advantages when it comes to the social aspects involved in
> > fixing poor security practices.  The hardware cost is low enough
> > that the risk/reward ratio can be good, especially as -- as
> > noted above -- dealing with people is often the hardest part.
> 
> Those are different patches!!!!

Sorry, I forgot yubikey support was not integrated.  I usually
get it for free either via PAM or OpenBSD.


Karl <kop@xxxxxxxx>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux