Any One-Time password system.

Alan DeKok aland at deployingradius.com
Thu May 16 16:24:01 CEST 2013


Sergii Bieliaievskyi wrote:
> I want to change my security strategy. 

  I think you're taking the wrong approach.  You don't get security by
using a bunch of "security" software.  You get security by understanding
the risks, and working to minimize them.

> It would be better to user two step verification by google. There
> is google-authenticator (http://code.google.com/p/google-authenticator/)
> but it checks users in local database /etc/passwd and so on. 
> How should I synchronize my unix box with corporate google account database?
> Does anybody have such an experience?

  I doubt it.

  And you'll probably run into timeouts.  Users will take a long time to
do two-step authentication.  By the time they're done, the NAS will
often give up on the authentication request.

  Your system will be so secure that no one will be able to log in.

  Alan DeKok.


More information about the Freeradius-Users mailing list