I already have a working directory server doing password based LDAP
login. Now I I am looking to implement two factor authentication. One
way to handle this that people are fairly familiar with is
ssh public key authentication through SSH. After a quick internet
search I found this....
This seems like it will work but has some drawbacks:
Implementing this involves patching the SSH server. We are going to
have to maintain our own patched open ssh RPM for several linux
What other key solutions exist? I am looking int kerb5 now. I am
looking for is something
that does not involve configuring two systems. LDAP configuration +
second system configuration
Something that has both a light footprint on the clients something
compatible with SSH would be nice.
Something that has a light server footprint. Something compatible with
modern *nux systems. Hopefully can be done via configuration of a
standard service, no/light patching.