Educause Security Discussion mailing list archives

Re: Two factor authentication questions


From: Scott Dier <dierx002 () UMN EDU>
Date: Tue, 13 Oct 2009 11:26:15 -0500

One thing I'm focusing on here is evaluating OATH HOTP tokens along with a
3rd party RADIUS server supporting the OATH HOTP algorithm for a small scale
installation.  I still need to bug some VARs and see who will sell us OATH
tokens without buying a server from them. (We have one already!)
The upside of this is being able to use standards -- I'd much rather
integrate a RADIUS server we know (Radiator) into our infrastructure than a
suite of proprietary tools that require Windows or Solaris.  Upside too is
nearly everything will speak with RADIUS in some form or another.

[speaking as an admin/user of the system, was not involved in purchasing]
Our campus is using the Aladdin SafeWord product.  I like it a lot but our
security group runs our own authentication infrastructure to ensure our
systems are more collusion resistant.  Aladdin isn't really supporting the
Solaris platform anymore (and it's a one-off machine for our group) and
we're not really interested in running Windows servers in our group.  The
tokens are excellent and easy to manage.  I have no idea how it integrates
into Windows, I assume it's some sort of attachment into AD.  It also speaks
RADIUS, so things that can speak RADIUS with it are ready to go.  Our
initial deployment, as far as I know, was to sysadmins and data stewards.

On Tue, Oct 13, 2009 at 11:14 AM, Wayne J. Hauber <wjhauber () iastate edu> wrote:

My IT organization is considering two factor authentication. We have not
been able to implement a central PKI environment. Lacking a central
certificate structure, we decided to begin the project with a review of
products that use tokens with rapidly changing passwords. We completed a
very detailed review of a product that used password tokens and


--
Scott Dier <dierx002 () umn edu>
OIT Security and Assurance
University of Minnesota, Twin Cities
