GSSAPI
Karl O. Pinc
kop at meme.com
Fri Jul 18 23:15:08 EST 2014
On 07/18/2014 05:11:35 AM, Nico Kadel-Garcia wrote:
> On Thu, Jul 17, 2014 at 10:21 PM, Karl O. Pinc <kop at meme.com> wrote:
> > On 07/17/2014 08:33:17 PM, Nico Kadel-Garcia wrote:
> >> The Kerberos tokens are a tremendous win over this, for robust
> >> single-sign-on, for the ability to invalidate or reject keys at a
> >> central access point, and for their ease of integration with SSL
> and
> >> other technologies.
> >
> > FWIW, an alternative approach with similar benefits is to
> > use hardware tokens such as yubikeys. This has some
> > advantages when it comes to the social aspects involved in
> > fixing poor security practices. The hardware cost is low enough
> > that the risk/reward ratio can be good, especially as -- as
> > noted above -- dealing with people is often the hardest part.
>
> Those are different patches!!!!
Sorry, I forgot yubikey support was not integrated. I usually
get it for free either via PAM or OpenBSD.
Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
More information about the openssh-unix-dev
mailing list