Joshua Johnson
2002-Jun-24 15:41 UTC
Require multiple methods of authentication.. status...
All, Forgive me if this is has been covered. I didn't find what I was looking for in the man pages or on the list archives. What is the status of being able to require a user to perform multiple methods of authentication. I.E. BOTH kerberos and pubkey -or- BOTH kerb V and smartcard -etc. etc. etc.- I saw an entry on the archive from Markus and Tom in Arpil 2001 that said there may be a patch to do this, but I can't seem to locate a directive to set this up. Can anyone give me a pointer/patch? Sincere Thanks, Joshua JOhnson
Carson Gaspar
2002-Jun-24 18:19 UTC
Require multiple methods of authentication.. status...
--On Monday, June 24, 2002 10:41 AM -0500 Joshua Johnson <joshua.johnson at ftlsys.com> wrote:> What is the status of being able to require a user to perform multiple > methods of authentication.I developed a patch a while ago to do this. It was rejected, because the functionality it provided included specifying the order of the authentication methods, and was deemed "too complicated". I was told that a patch that was order insensitive, and could therefore be reduced to a bitfield, would be acceptable. But that was not enough for my requirement (force pubkey before password), so I never did it. Recently, someone has taken my old patch and ported it to a recent release. See the list archives for details. I haven't looked at it at all, so caveat emptor. There is also a patch that integrates the keynote policy language. I haven't looked at it, as I changed employers and no longer require any of this (and my free time has been reduced ;-). -- Carson