Re: Is it possible to require both a certificate and a Kerberos password for authentication?
- From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
- Date: Fri, 16 Jan 2009 13:11:40 -0800 (PST)
On Jan 16, 5:41 am, "Jim Talbut" <<private>> wrote:
Hi,
I'm currently using OpenSSH on OpenBSD as a remote access service.
Authentication is username & password via kerberos.
My problem is that I don't trust my users to validate the server
certificate - I know that ignorant muppets will accept a man in the middle
attack without any worries as long as it gives them access to our network
(after giving out their password).
So I'd like to refuse access to clients that do not provide a certificate..
But I don't want to rely entirely upon the certificate, because I (a) don't
trust the users to look after it and (b) don't want the users to have to
remember both a certificate passphrase and their kerberos password.
What I want is to require two different methods of authentication.
Is this possible with OpenSSH?
With any other SSH server?
Thanks
Jim
Why not run the primary authentication technique on one port, and a
secondary technique on another port with separate restrictions in the
sshd_config to manage it as desired for each port?
.
- Follow-Ups:
- References:
- Prev by Date: Re: pageant crash on WinXP
- Next by Date: Limiting SSH keys for git hostinig
- Previous by thread: Is it possible to require both a certificate and a Kerberos password for authentication?
- Next by thread: Re: Is it possible to require both a certificate and a Kerberos password for authentication?
- Index(es):
Relevant Pages
|
