Re: PAM & RSA (SuSE Linux+OpenSSH)



On Mon, Jan 16, 2006 at 09:37:14AM +0100, Juan C. Sanchez-DelBarrio wrote:
> Novell SLES 9 is the OS installed in our servers. As a security officer,
> I try to implement the Common Criteria EAL4+ procedure
> (http://www.bsi.bund.de/zertifiz/zert/reporte/0256b.pdf and
> http://www.bsi.bund.de/zertifiz/zert/reporte/0256a.pdf) in these
> servers. It is necessary the use of audit program on the servers. They
> recommend the combination of PAM_LAUS and AUDIT. The system managers use
> the RSA authentication against the servers.

If you just want to audit access then you can use the PAM account or
session stacks to implement your auditing.

OpenSSH still calls those even for RSA authentication (assuming PAM is
enabled, of course), and if they return a failure then the access to
the system will be denied.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Relevant Pages

  • Re: HELP - File Auditing
    ... > We have performed all of the below on many servers with no results... ... Auditing must be enabled on ... > individual objects for audit events to be logged. ... >>audit policy setting take effect only when the policy ...
    (microsoft.public.win2000.security)
  • Re: HELP - File Auditing
    ... We have performed all of the below on many servers with no results... ... Enabling either success or failure event auditing does ... individual objects for audit events to be logged. ... >audit policy setting take effect only when the policy ...
    (microsoft.public.win2000.security)
  • Looking for VBS (??) script to report local policies
    ... I'm preparing for an expected IT audit in the upcoming future. ... multiple Windows 2000/2003 servers that I just started working on about ... I did manage to find a VBS Script on Microsoft (called ...
    (microsoft.public.windows.server.scripting)
  • Re: AD access
    ... An IT auditor is assessing risk and creating or evaluating controls. ... I know thats a pretty high level pass over on IT audit plans, ... > of an internal audit organization and we need access to all servers, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Error: "Cannot initialize SFTP protocol. Is the host running a SFTP server?"
    ... >I installed Openssh on a couple of Windows 2000 servers with cygwin, ... >instructions I found on this web page: ... Sound like the sftp subsystem settings in sshd_config are wrong. ... Good judgement comes with experience. ...
    (comp.security.ssh)