[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OATH-Toolkit-help] Re: Storage of credentials

From: Simon Josefsson
Subject: [OATH-Toolkit-help] Re: Storage of credentials
Date: Fri, 18 Mar 2011 16:10:01 +0100
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/23.2 (gnu/linux)

Daniel Pocock <address@hidden> writes:

>> I had a breif discussion with Simon regarding how to store user
>> credentials (alternatives to the /etc/users.oath file) before he
>> pointed me to this mail-list. Let's continue the discussion here!
> This is essentially why I built dynalogin as an extra layer around HOTP
> - you can then put dynalogin and the secrets on a dedicated, hardened
> machine.  The secrets never travel on the network, it simply gives
> yes/no responses to the auth requests.

Right that is a better approach, for larger installations you will want
to use some protocol between clients and a server.  But somewhere the
HOTP validation will need to occur, and there is where pam_oath could be
used -- for example if you are using FreeRadius with pam_oath as the
backend, and using pam_radius on all client hosts.  Using the usersfile
there doesn't scale.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]