A Naive Question Respecting X.509 Logins
I have been looking at replacing our current login systems with a single login solution. In the process I managed to get sidetracked into investigating pam_pkcs11. My question, which no doubt reveals the depth of my ignorance, is: Can a simple USB flash memory stick be configured to work with this or some similar module of which I as yet know nothing?
Everything I have managed to find about this method of loging on to CentOS
implies that either a special smart-card and dedicated reader or a purpose-built usb smart-token is required. Is this in fact so? Is there no way to just use a standard usb flash memory ‘key’ to achieve the same effect?
3 thoughts on - A Naive Question Respecting X.509 Logins
James B. Byrne wrote:
investigating with this or
Not sure. All I know is from our usages, and as this is a US government facility, we have our PIV-II cards… and use pcscd which uses pkcs11.
mark
James B. Byrne wrote:
investigating
Right… and the answer to this part – have you looked into kerberos?
mark
Am 16.04.2014 um 23:01 schrieb m.roth@5-cent.us:
http://www.freeipa.org/page/Main_Page
–
LF