I've been looking at different solutions for two-factor authentication (as in something you have) to use as a backup to what Sun IT provides us. Since we run two data centers outside of Sun, and require two-factor authentication to log on to all our external servers, we are often prevented from logging on as the network path back to the Sun IT verification servers is down. So we need a backup solution that allows us to do the verification in our data center when the network is down.
The top contender for this is Yubico's yubikey which I think is a very cool device. And the best part of it, is that all software needed to do the verification is open sourced!
I've compiled libykclient.so and pam_yubico.so on
OpenSolaris
with the help of
Simon
as we had to make some minor adjustments to get it compiled on Solaris.
I've made some additional minor modifications to pam_yubico.so
to let me use it for two-factor authentication (I'll
post
the diffs later).
This is how the authentication looks now:
martin@mbp$ ssh puppet-tst2 Password: my normal UNIX passphrase Yubikey: the output from the yubikey martin@puppet-tst2 $
I'm very pleased with the results of my tests so far, and if you are looking at a two-factor authentication, buy a few of them and git it a try...
