[ale] CAC Smart cards or similar for Linux
John
jdp at algoloma.com
Mon Nov 22 15:50:11 EST 2010
I don't know about "smart cards" since that means a specific hardware
reader to me, but ... if you're looking for two-factor authentication ...

You may have already considered these and disqualified them. I'd be
interested in your reasons, if so.

YubiKey? But I wouldn't deploy this for too many non-technical people,
but for nerds it is easy enough - http://www.yubico.com/yubikey The
server is Apache licensed http://code.google.com/p/yubikey-val-server-php/ .

RSA (and clones) have been making keys with 1-time passwords for years.
At work we used RSA SecurID and my broker uses VeriSign fobs.

There's also WiKID http://www.wikidsystems.com/ They are local. I think
there is a GPL version avail.
http://freshmeat.net/search?q=Wikid&submit=Search

And if you want to go old school - paper - https://www.grc.com/ppp.htm
There have been many versions of paper-based cyphers over the years.
There are Linux, Windows AND Mac implementations. New BSD license.

Obviously, if they want more security tell them to stop running
MS-Windows. ;) There are hacks for most of these things, especially for
web sites, across all platforms. If the computer (client or server) is
hacked, all the n-factors in the world aren't going to make a difference
in security.

I'm fairly certain some lurkers have experience with these. Perhaps they
can add to the list and comment?

On 11/22/2010 03:20 PM, Mike Harrison wrote:
> I'm trying to figure out how to use CAC (Common Access Control) or similar
> smart cards for an access control to a web system. There are some
> MS-Specific solutions, but I'm looking for something that works well with
> a Linux server and MS or Linux clients running Firefox.
>
> Specifically, I'd love to find a "Package" of a few hundred "cards"
> or "USB Tokens", a card/token creator/writer and the server side
> components that all work together.
>
> I'm trying to add a physical '3rd factor' to accessing a special web
> application. We are already using client certs... but some people want
> even more. A USB Key or CAC card would be perfect.
>
> Any clues, or are we in the famous: "build it from scratch yourself"
> territory?
>
>
>