Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user

From: Fredrik Lindgren
Subject: Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user
Date: Mon, 4 Jun 2012 17:43:54 +0200

On May 31, 2012, at 10:46 PM, Tim Eggleston wrote:

> Hi Simon,
>> Having the same secret in several devices is usually not a good idea --
>> instead, how about a scheme to have multiple lines in users.oath for the
>> same user but with different OATH secrets? Then each OTP could be
>> tested against all lines for a user, to find which device is relevant,
>> and then that line could be updated.
> Perfect! This is exactly what I was hoping for. As well as enabling 
> flexibility in cases such as mine (where I use a couple of Yubikeys 
> day-to-day), it would also allow us to be a bit stronger with our pam config: 
> we could configure a backup token which was stored somewhere safe & secure, 
> and then we could require the OTP to authenticate instead of making it 
> "sufficient", knowing that even if we lost our primary token we could always 
> fall back to the backup.

This is something I too would find very useful. Simon, have you had time to 
decide if it's something you plan to do?

/ Fredrik
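
The scheme quoted above (several users.oath lines for one user, each with its own secret, every OTP tested against all of them and only the matching line updated) can be sketched as follows. This is an added example, not OATH Toolkit or pam_oath code; the simplified line layout, the WINDOW value, the sample secrets and the user names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 5  # assumed look-ahead window (number of future counters accepted)

# Constructed sample, simplified layout: HOTP <user> - <hex secret> <next counter>
SAMPLE = """\
HOTP alice - 3132333435363738393031323334353637383930 0
HOTP alice - 00112233445566778899aabbccddeeff00112233 2
HOTP bob - 3132333435363738393031323334353637383930 0
"""

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse(text):
    """Turn each HOTP line into a dict; one user may own several entries."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0].startswith("HOTP"):
            entries.append({"user": f[1],
                            "secret": bytes.fromhex(f[3]),
                            "counter": int(f[4])})
    return entries

def validate(entries, user, otp):
    """Test the OTP against every line of `user`.

    Returns the index of the matching line (i.e. which device was used)
    or None. Only the matching line's counter advances, so the other
    tokens of the same user keep their own replay state.
    """
    for idx, entry in enumerate(entries):
        if entry["user"] != user:
            continue
        for c in range(entry["counter"], entry["counter"] + WINDOW + 1):
            if hmac.compare_digest(hotp(entry["secret"], c), otp):
                entry["counter"] = c + 1  # writing back to disk is omitted here
                return idx
    return None
```

With this layout a backup token is just a second line for the same user, and a used OTP is rejected on replay because only the counter of the line it matched has moved forward.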

