Smartcard and non-password methods (was Re: Password repository)

Christopher Morrow morrowc.lists at gmail.com
Sun Nov 22 22:52:36 CST 2009


On Sat, Nov 21, 2009 at 10:45 PM, Scott Howard <scott at doc.net.au> wrote:
> On Sat, Nov 21, 2009 at 6:38 AM, John Levine <johnl at iecc.com> wrote:
>
>> > Are passwords still the only lowest-common-denominator?
>>
>> There's OpenID, where a provider can use any verification process it
>> wants, but all the OpenID providers I know use ordinary passwords.
>>
>
> http://yubico.com/developers/openid/
>
> I'm currently trialing Yubico's for access to a number of Unix systems (via
> PAM), and they seem to work very well.  Haven't played around with the

+1 for yubico's simplicity to setup/use. They also support a 'run your
own auth server' model, so if you've got a closed system you don't
have to find a way to sneak out http/s links to yubico-land.

> OpenID support, so I can't comment on if/how well it works.

I have not used their openid support either... but it looks promising.

-Chris




More information about the NANOG mailing list