Is it possible to require both a certificate and a Kerberos password for authentication?
- From: "Jim Talbut" <<private>>
- Date: Fri, 16 Jan 2009 10:41:51 -0000
Hi,
I'm currently using OpenSSH on OpenBSD as a remote access service.
Authentication is username & password via kerberos.
My problem is that I don't trust my users to validate the server certificate - I know that ignorant muppets will accept a man in the middle attack without any worries as long as it gives them access to our network (after giving out their password).
So I'd like to refuse access to clients that do not provide a certificate.
But I don't want to rely entirely upon the certificate, because I (a) don't trust the users to look after it and (b) don't want the users to have to remember both a certificate passphrase and their kerberos password.
What I want is to require two different methods of authentication.
Is this possible with OpenSSH?
With any other SSH server?
Thanks
Jim
.
- Follow-Ups:
- Re: Is it possible to require both a certificate and a Kerberos password for authentication?
- From: Nico Kadel-Garcia
- Re: Is it possible to require both a certificate and a Kerberos password for authentication?
- Prev by Date: pageant crash on WinXP
- Next by Date: Re: Failed publickey problem
- Previous by thread: pageant crash on WinXP
- Next by thread: Re: Is it possible to require both a certificate and a Kerberos password for authentication?
- Index(es):
Relevant Pages
|
