LinuxQuestions.org


HarveyPwca 02-15-2010 04:31 AM

Which distributions have true multi factor authentication?
 
The distribution I've been using does not have a proper two-factor login scheme. The daft buggers have configured the system so that whoever is sitting in front of a machine is gifted with the entire list of user names having access to the system. This, of course, only requires them to guess only one of the factors instead of both. So while said system is still a two-factor system it's one whose security has been crippled down to a single-factor system.

Does anyone know which distributions have proper two-factor authentication schemes for logging in users?

-----p.s.
No, I will not name the distribution I'm using so that a 'fix' can be provided. If the distribution's creators have been willing to knowingly bugger the security of the system for the sake of user laziness at the login then heaven only knows what other holes exist. I have neither the time nor the inclination to discover or ask what they might be and how to 'fix' them as well. Better to simply move on to a distribution who won't knowingly bugger the security.

carbonfiber 02-15-2010 04:49 AM

You realize that this is most likely just the default way your display manager is set up and that you can most likely very easily 'fix' this? Could it be that the distribution in question is Fedora? Also, don't want your users to get lazy? Disable the DM altogether and let them log in at one of the virtual consoles, start their favorite WM/DE manually, etc. Try OpenBSD, they claim to be secure by default, which seems to be what you are looking for.

win32sux 02-15-2010 05:30 AM

Quote:

Originally Posted by HarveyPwca (Post 3864114)
The distribution I've been using does not have a proper two-factor login scheme. The daft buggers have configured the system so that whoever is sitting in front of a machine is gifted with the entire list of user names having access to the system. This, of course, only requires them to guess only one of the factors instead of both. So while said system is still a two-factor system it's one whose security has been crippled down to a single-factor system.

Does anyone know which distributions have proper two-factor authentication schemes for logging in users?

-----p.s.
No, I will not name the distribution I'm using so that a 'fix' can be provided. If the distribution's creators have been willing to knowingly bugger the security of the system for the sake of user laziness at the login then heaven only knows what other holes exist. I have neither the time nor the inclination to discover or ask what they might be and how to 'fix' them as well. Better to simply move on to a distribution who won't knowingly bugger the security.

It would be ridiculous IMHO to switch distro for something like this, instead of simply making the appropriate configuration tweak and perhaps filing a feature request (or bug report if you feel so strongly about it). That said, your idea of what constitutes "proper" two-factor authentication seems a bit off to me. Even when you get rid of the list of usernames, it's still not going to be two-factor authentication, since you're still using the same factor (something you know). For two-factor authentication, you'd need to supplement the password requirement with, for example, biometrics (something you are) or smart cards (something you have). Keeping your username private doesn't add a factor, it just augments your current, single factor.

HarveyPwca 02-16-2010 02:21 AM

Trolls reframe the question.
Trolls argue semantics.
Trolls don't help others accomplish something but instead expect others to do it the troll's way.

RTFQ and ATFQ is what non-trolls do.

carbonfiber 02-16-2010 02:27 AM

OMG! A troll-moderator? We are all doomed! :-/

win32sux 02-16-2010 02:46 AM

Quote:

Originally Posted by HarveyPwca (Post 3865268)
Trolls reframe the question.
Trolls argue semantics.
Trolls don't help others accomplish something but instead expect others to do it the troll's way.

RTFQ and ATFQ is what non-trolls do.

HarveyPwca, I'm gonna have to ask you to tone it down a notch. Next time you feel like attacking someone, please take a few moments to chill out or just refrain from posting - for your own good. If you wish to continue being rude on the forums, by all means go right ahead, but understand that there will be consequences (which may include loss of LQ privileges). This is an official public warning to you, which has been logged.

As for your question, the answer is that any distro can be made to do multi-factor authentication. Your post, however, talks about two completely different things. One is your issue with the usernames being displayed at login time (which I believe is your main concern here), while the other issue is the question posed in the thread's title, which as I explained in my previous post is not directly related to the username list. This isn't about semantics, it's about understanding what something is, and what it's not. In a forum such as this, it would be extremely irresponsible for me to not provide some guidance when someone erroneously refers to username/password combinations as "two-factor authentication".

At this point, I would ask that you clarify whether you are seeking help getting your login manager to stop displaying the username list; seeking a distro that doesn't display the username list by default (eliminating the need for you to personalize your login manager's settings); or seeking a distro that does multi-factor authentication out-of-the-box (since it should be fairly obvious that any distro could be made to do it post-install). Once our members have no doubts about what specific direction you're determined to take, they will be better able to provide you with their assistance.

Jim Bengtson 02-16-2010 08:37 AM

Quote:

Originally Posted by HarveyPwca (Post 3864114)
Does anyone know which distributions have proper two-factor authentication schemes for logging in users?

Here are some sources that might help you...from a free open-source solution with a hardware key to server-based solutions to UNIX...one of these should point you in the right direction.

Tighter SSH Security with Two-Factor Authentication
Dec 01, 2006 By Paul Sery
http://www.linuxjournal.com/article/8957
This article describes how to combine removable media with OpenSSH public/private keys and the amazing ssh-agent program to achieve two-factor authentication for both regular and privileged users.


Open Source Two-factor authentication: The WiKID Community Edition
http://www.wikidsystems.com/community-version
The WiKID Strong Authentication System consists of three parts: the WiKID server, the WiKID token client and a network client (such as a VPN, website or other service requesting authentication). The WiKID server is written in Java, as is the open source J2SE PC client.


Two-Factor Authentication: Can You Choose the Right One?
http://www.sans.org/reading_room/whi...ight_one_33093
This paper will serve as a great beginning stepping stone for those who have chosen to adopt this type of authentication. It can be extremely expensive to change course after choosing a company/technology; therefore, the thorough evaluation of available products is of paramount importance. This paper will conclude with recommendations, a comparison of benefits and negatives regarding each inquiry, and proposals.


Multi-security mechanisms with multifactor authentications
http://www.ibm.com/developerworks/ai...P=grsitelnxw16
Authentication is a key component of security-based solutions. In client-server models designed over UNIX® systems, distributed network security is of significant importance. In order to meet the stringent security requirements necessary in client-server models, either multi-layer authentication or multifactor authentication or combinations of both are being used by existing systems. This article discusses the risk associated with the use of the same security mechanism in multifactor authentication systems and proposes the use of GSS-API (Generic Security Service available with most of the UNIX systems) as a suitable option for achieving the multi-security mechanism clubbed with multi-factor authentication for enhanced security for solutions designed over UNIX.

HarveyPwca 02-17-2010 12:24 AM

I have found one possible answer to my question. It seems that Debian v5.04 does not present a user list to anyone when they attempt to login. So, for now at least, I will use it and keep searching to see what other distributions are similar in this regard.



Did I phrase the subject line of the thread badly? Sure. It happens frequently and not just among the newbie types.

Did I, in describing my concern, misuse the common understanding of certain phrases like "multi-factor authentication" and "two-factor authentication"? Certainly. Again, this sort of thing happens frequently and not just among the newbie types.

However, these errors on my part in no way give those who do know the common meaning the right to ignore the question being asked altogether opting instead to blather on about how the original poster messed things up. Trolls argue about the minutiae instead of answering the question.

Now to be fair, if someone had posted a response (and someone has -- thanks Jim Bengtson for the help) showing the errors made but not answering the question asked I could have lived with being educated by others on the misuse of these phrases provided they did only that. Instead I was besieged by trolls foisting their opinions on what I ought and/or ought not to be doing. Trolls issue proclamations concerning what others ought and ought not be doing rather than actually answering the question asked. The fact that someone is in a position of authority does not preclude them from behaving like a troll. It just makes them a troll with a badge.

As for the troll with a badge's argument over my question being unclear....

The first clue as to what question is being asked is a little thing appearing at the end of a sentence called a "question mark". It looks like this: '?'.

Considering there is only ONE sentence in the entire posting with one of those marks... hmmm, perhaps I should have underlined it, increased the size of the type face and made it a different colour to make it more clear.

I made the question even more clear by stating (in a post script) that I wish to replace my current distribution rather than repair it. I even provided a reason. So what happened? The trolls chose to argue my reason wasn't justified so my question would become irrelevant. The trouble is though that it doesn't matter whether my reason is justifiable or not. You see I am using Linux and the reason I am using Linux (as opposed to M$ or A$ or ???) is precisely so I can decide how things happen on my computer. If one distribution doesn't do things the way I would like them then I can go to one that will. For instance, how many have flocked from their previous distribution in favor of Ubuntu precisely because Ubuntu does things the others won't??? So what do I get instead of an answer to the question... a troll with a badge (who by the way is an Ubuntu user) issuing proclamations concerning how in their opinion ridiculous people change their distribution of choice rather than fixing the one they currently have. Then this troll with a badge has the audacity to proclaim that I am attacking people and need to tone it down a notch.

I wrote it before, I will write it again:

Trolls reframe the question.
Trolls argue semantics.
Trolls don't help others accomplish something but instead expect others to do it the troll's way.

RTFQ and ATFQ is what non-trolls do.


Now, go ahead and ban me troll with a badge. It's no great loss on my part since I now know that should I ever have a question again posting it on 'Linux Questions' will only result in being abused by not framing the question properly but will also be told what to do rather than helped with how I would like things to work.

evo2 02-17-2010 12:53 AM

This is just a configuration option in your display manager. What are you using? E.g. kdm, gdm, xdm

Edit: Just read more of the thread: @OP sorry, seems my post will not help you.

Cheers,

Evo2.
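
The display-manager setting that carbonfiber and evo2 refer to, as an added example that is not part of any post in the thread: a small audit that reports whether a greeter configuration hides the username list. It goes beyond the display managers named above by also covering LightDM; the option names (KDM `UserList`, legacy GDM `Browser`, GDM 3 `disable-user-list`, LightDM `greeter-hide-users`) are my understanding of each project's settings and should be checked against the installed version, and the sample file contents are constructed.

```python
import configparser
from fnmatch import fnmatchcase

# display manager -> (section patterns, option name, value that hides the list)
# Option names are assumptions to verify against the installed version's docs.
RULES = {
    "kdm":     (("X-*-Greeter",), "UserList", "false"),
    "gdm2":    (("greeter",), "Browser", "false"),
    "gdm3":    (("org/gnome/login-screen",), "disable-user-list", "true"),
    "lightdm": (("Seat:*", "SeatDefaults"), "greeter-hide-users", "true"),
}

def user_list_state(dm, text):
    """Return 'hidden', 'shown', or 'unset' (the distro default applies)."""
    patterns, option, hide_value = RULES[dm]
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    seen = []
    for section in cp.sections():
        if not any(fnmatchcase(section, p) for p in patterns):
            continue
        if cp.has_option(section, option):  # option names match case-insensitively
            value = cp.get(section, option).strip().lower()
            seen.append(value == hide_value)
    if not seen:
        return "unset"
    # If any matching section still shows the list, treat the host as exposed.
    return "hidden" if all(seen) else "shown"

# Constructed sample configurations (not taken from any real host).
KDM_SAMPLE = """\
[X-*-Greeter]
UserList=true

[X-:0-Greeter]
UserList=false
"""
GDM3_SAMPLE = """\
[org/gnome/login-screen]
disable-user-list=true
"""
GDM2_SAMPLE = """\
[daemon]
[greeter]
# Browser is not set here, so the packaged default decides
"""

if __name__ == "__main__":
    for dm, sample in (("kdm", KDM_SAMPLE), ("gdm3", GDM3_SAMPLE), ("gdm2", GDM2_SAMPLE)):
        print(dm, user_list_state(dm, sample))
```

An `unset` result means the packaged default decides, which is why two distributions shipping the same display manager can behave differently at the login screen.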

win32sux 02-17-2010 01:07 AM

HarveyPwca, I could indeed issue you a temporary ban right now, as you've done the complete opposite of what I asked of you with regards to chilling out. I'm not going to do that, though, and I'm instead going to let this one go by treating it as an aftershock of your original rant. Hopefully by now you've managed to get rid of whatever's been eating at you, and this thread may still stand a chance of getting back on topic and surviving. If you wish to discuss the moderation issue any further, I request that you contact me via email directly, as this is not the proper venue for you to take up those matters.


All times are GMT -5.