| Yubico Forum https://forum.yubico.com/ |
|
| Yubikeys as a 2nd factor for SSH auth with a different KSM https://forum.yubico.com/viewtopic.php?f=5&t=579 |
Page 1 of 1 |
| Author: | romain [ Wed Oct 13, 2010 10:36 am ] |
| Post subject: | Yubikeys as a 2nd factor for SSH auth with a different KSM |
We have spent some time setting up a pilot infrastructure to incorporate Yubikeys in our RHEL environment, in particular: - We wanted our own validation and KSM services - The first objective was to improve SSH authentication - We wanted to use PAM - We use Kerberos 5 (and AFS) - Our SSH servers run a RHEL5 variant - Our own root CA should be able to issue x509 certificates for the validation and KSM servers - We need to plan a smooth transition from our users to gradually introduce Yubikeys - Users should be able to import to create/import their AES key to the system We had to make some modifications to the code, mainly pam_yubico and ykclient, which has been submitted to Yubico. Our pilot is finally working, and we are in the process of documenting our experience: https://twiki.cern.ch/twiki/bin/view/Main/Yubikeys We thought it may be of some help for others. Romain. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|