Educause Security Discussion mailing list archives
Re: Two factor authentication questions
From: Scott Dier <dierx002 () UMN EDU>
Date: Tue, 13 Oct 2009 11:26:15 -0500
One thing I'm focusing on here is evaluating OATH HOTP tokens along with a 3rd party radius server supporting the OATH HOTP algorithm for a small scale installation. I still need to bug some VARs and see who will sell us OATH tokens without buying a server from them. (we have one already!) The upside of this is being able to use standards -- I'd much rather integrate a radius server we know (radiator) into our infrastructure than a suite of proprietary tools that require windows or solaris. Upside too is nearly everything will speak with radius in some form or another. [speaking as a admin/user of the system, was not involved in purchasing] Our campus is using the Aladdin safeword product. I like it a lot but our security group runs our own authentication infrastructure to ensure our systems are more collusion resistant. Aladdin isn't really supporting the solaris platform anymore (and its a one-off machine for our group) and we're not really interested in running windows servers in our group. The tokens are excellent and easy to manage. I have no idea how it integrates into windows, I assume its some sort of attachment into AD. It also speaks radius, so things that can speak radius with it are ready to go. Our initial deployment, as far as I know, was to sysadmins and data stewards. On Tue, Oct 13, 2009 at 11:14 AM, Wayne J. Hauber <wjhauber () iastate edu>wrote:
My IT organization is considering two factor authentication. We have not been able to implement a central PKI environment. Lacking a central certificate structure, we decided to begin the project with a review of products that use tokens with rapidly changing passwords. We completed a very detailed review of a product that used password tokens and
-- Scott Dier <dierx002 () umn edu> OIT Security and Assurance University of Minnesota, Twin Cities
Current thread:
- Two factor authentication questions Wayne J. Hauber (Oct 13)
- <Possible follow-ups>
- Re: Two factor authentication questions Scott Dier (Oct 13)
- Re: Two factor authentication questions Greg Vickers (Oct 13)
- Re: Two factor authentication questions Mike Wiseman (Oct 14)