[Sussex] PAM authentication by user....

Mark Harrison Mark at ascentium.co.uk
Thu Jan 22 18:02:46 UTC 2004


It's not a mad requirement at all...

Multiple-factor authentication is a common requirement in the "high-end"
systems world, and this has trickled down to the OPSEC-type midrange levels
of security.

I'm almost certain that RADIUS-based solutions allow role-specific
configuration of authentication technologies. (Using the word RADIUS to mean
the standard, not the originating manufacturer here)

I've not played with, say, FreeRADIUS, so don't know how straightforward it
is to set up. However, it is possible to get FreeRADIUS to get its user data
from an LDAP database, and OpenLDAP is _much_ easier to use with modified
schemas than, say, AD...

www.freeradius.org would be a good place to start.

Regards,

Mark


----- Original Message ----- 
From: <nik at wired4life.org>
To: "Sussex" <sussex at mailman.lug.org.uk>
Sent: Thursday, January 22, 2004 3:26 PM
Subject: [Sussex] PAM authentication by user....


> Im playing with PAM and USB key authentication and it works, very well.
> Ive documented the proccess and will pass the comments on in a technical
> meet when we next have one. Overall its pretty cool  however it works to
> well nd PAM forces the login to be applied ot everyone. whichmeans all
> users of this pc need a usb key to authenticate.
>
> Id like some flexibility. Id like to be able to say use this PAM module
> for logins on user accounts x,y,z and resort to efault PAM settings for
> all oter users...
>
> am i mad or is this possible ?
>
> ive read
>
> http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html
>





More information about the Sussex mailing list