[ale] CAC Smart cards or similar for Linux

Richard Bronosky Richard at Bronosky.com
Mon Nov 22 19:53:02 EST 2010


How about thumb scanners? They are cheap and work with PAM.

On 11/22/10, Mike Harrison <cluon at geeklabs.com> wrote:
>> RSA (and clones) have been making keys with 1-time passwords for years.
>> At work we used RSA SecurID and my broker uses VeriSign fobs.
>
> RSA: They want $25k for a "server appliance" and 150 fobs to get started.
> If this was for a mass-market application like a bank or broker, it might
> be worth the headache.
>
> It's not so much for ciphering/encryption as validating what is essentially
> a distributed "point of sale" application. I'm looking to make it
> as complicated as possible to log in from someplace they should not..
> (like at home) or what actually seems to happen is log in as a co-worker.
>
> And.. knowing the real world, I fully expect to find a bunch of these
> taped to the front of the system so they never leave, with the logins and
> passwords for everyone on a piece of paper taped to the wall in plain
> sight.
>
> What I am hoping is:
> login+password+clientcertificate+ipaddressrestrictions+physicalsomething
> is enough factors to ensure Mindy/password, at x.x.x.x with Mindy's
> physical key... really is Mindy so the cash she collects is accountable to
> her.. and it's not co-worker Brandy with Mindy's password on her
> computer... logging up sales as Mindy and stashing the cash,
> which Mindy will get fired for not having.
>
> What I really want is smarter honest end-users.. but I also want Santa
> Claus to deliver a John Cooper Special Mini Cooper..
>
> My other expectation is the client's IT director will pass on the whole
> thing because he's the kind of person that sends password-protected PDFs
> as secure e-mails.

-- 
Sent from my mobile device

.!# RichardBronosky #!.

