[ale] Smart cards
Michael H. Warfield
mhw at WittsEnd.com
Fri Oct 7 10:12:03 EDT 2011
On Fri, 2011-10-07 at 08:10 -0400, Mike Harrison wrote:
> On Thu, 6 Oct 2011, Michael Trausch wrote:
>
> > Just to clarify, I am not specifically looking for an OpenPGP smartcard...
> > anything that'll do for auth is fine.
> Take a look at http://www.yubikey.com
> I have not used them yet, but I need to buy some at play with them.
Funny... I've been in discussions with another team/group that's
looking at Yubikey and the more I hear about it, the less I like it.
It's designed to be something more along the lines of an OTP token like
SecureID except it drives your keyboard directly (to protect the poor
users from actually having to type in an OTP, I guess). Looking at it
for things like SSH, I'm totally shocked and horrified that it would
preclude the use of strong RSA authentication keys and true crypto cards
because it's incompatible with them and pam has no mechanism for doing
RSA auth ala SSH (at the moment - being worked on, if I understand it
right) and may have some other compatibility gotchas. It's a poor
substitute for true crypto auth, IMNSHO.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20111007/e3ac26cf/attachment.bin
More information about the Ale
mailing list