[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user
|
From: |
Fredrik Lindgren |
|
Subject: |
Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user |
|
Date: |
Mon, 4 Jun 2012 17:43:54 +0200 |
On May 31, 2012, at 10:46 PM, Tim Eggleston wrote:
> Hi Simon,
>
>> Having the same secret in several devices is usually not a good idea --
>> instead, how about a scheme to have multiple lines in users.oath for the
>> same user but with different OATH secrets? Then each OTP could be
>> tested against all lines for a user, to find which device is relevant,
>> and then that line could be updated.
>
> Perfect! This is exactly what I was hoping for. As well as enabling
> flexibility in cases such as mine (where I use a couple of Yubikeys
> day-to-day), it would also allow us to be a bit stronger with our pam config:
> we could configure a backup token which was stored somewhere safe & secure,
> and then we could require the OTP to authenticate instead of making it
> "sufficient", knowing that even if we lost our primary token we could always
> fall back to the backup.
>
This is something I too would find very useful. Simon, have you had time to
decide if it's something you plan to do?
/ Fredrik
smime.p7s
Description: S/MIME cryptographic signature
- Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user,
Fredrik Lindgren <=