I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work with this or some similar module of which I as yet know nothing?
Everything I have managed to find about this method of loging on to CentOS implies that either a special smart-card and dedicated reader or a purpose-built usb smart-token is required. Is this in fact so? Is there no way to just use a standard usb flash memory 'key' to achieve the same effect?
James B. Byrne wrote:
I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into
investigating
pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work
with this or
some similar module of which I as yet know nothing?
Everything I have managed to find about this method of loging on to CentOS implies that either a special smart-card and dedicated reader or a purpose-built usb smart-token is required. Is this in fact so? Is there no way to just use a standard usb flash memory 'key' to achieve the same effect?
Not sure. All I know is from our usages, and as this is a US government facility, we have our PIV-II cards... and use pcscd which uses pkcs11.
mark
Am 16.04.2014 um 23:01 schrieb m.roth@5-cent.us:
James B. Byrne wrote:
I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into
investigating
<snip> Right... and the answer to this part - have you looked into kerberos?
http://www.freeipa.org/page/Main_Page
- LF
-
James B. Byrne -
Leon Fauster -
m.roth@5-cent.us