Yeah, I guess it&#39;s not really cloud specific, other than the idea that it&#39;s for remote systems that are in networks I don&#39;t control, and it needs to be a setup that is easily replicated/deployed...you know, like an AWS instance, or such ;)<div>
<br></div><div>I had looked around for a pam module for the google auth not terribly long ago and didn&#39;t find anything that was outside of alpha-level stuff.</div><div><br></div><div>Brian<br><br><div class="gmail_quote">
On Fri, Jan 28, 2011 at 6:36 PM, Jeremy Katz <span dir="ltr">&lt;<a href="mailto:katzj@fedoraproject.org">katzj@fedoraproject.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Right, the AWS two factor auth is just for access to their stuff and<br>
not at all related to instance auth.<br>
<br>
You basically want anything that can be used for two factor auth in<br>
Fedora?  The Yubikeys should work (<a href="http://www.yubico.com/yubikey" target="_blank">http://www.yubico.com/yubikey</a>) and<br>
I also vaguely remember that Google released a library with a pam<br>
module for their two factor auth a few months ago although I&#39;m not<br>
finding a link to it in a quick check<br>
<br>
- Jeremy<br>
<div><div></div><div class="h5"><br>
On Fri, Jan 28, 2011 at 4:42 PM, Brian LaMere<br>
&lt;<a href="mailto:brian@cukerinteractive.com">brian@cukerinteractive.com</a>&gt; wrote:<br>
&gt; Anyone have luck setting up two-factor auth for Fedora in &quot;the Cloud&quot; -<br>
&gt; preferably, at AWS?  Yes, I got one of the token generators discussed<br>
&gt; at <a href="http://aws.amazon.com/mfa/" target="_blank">http://aws.amazon.com/mfa/</a><br>
&gt; However, those only appear to help with authentication to (per the faq):<br>
&gt;<br>
&gt; Secure pages on the AWS Portal (<a href="http://aws.amazon.com" target="_blank">http://aws.amazon.com</a>)<br>
&gt; AWS Management Console (<a href="https://console.aws.amazon.com" target="_blank">https://console.aws.amazon.com</a>)<br>
&gt;<br>
&gt; What if I need to multi-factor auth to the instances themselves?  Anyone<br>
&gt; know if there&#39;s a service out there that does this for Fedora (or RedHat,<br>
&gt; which can easily be made to work for...) instances in the &quot;cloud?&quot;<br>
&gt; I&#39;m used to doing this locally and then making the remote systems only allow<br>
&gt; access via a limited number of machines (which themselves do 2-factor).  I&#39;m<br>
&gt; now in a situation though with every workstation being outside the trust<br>
&gt; zone completely, VPN not being something that could change that (too many<br>
&gt; details...), and thus needing to accomplish the 2-factor in the cloud<br>
&gt; itself.  Most of the results from &quot;two factor authentication cloud&quot; I get<br>
&gt; are about cloud-based providers authenticating the local machines...versus<br>
&gt; what I need, which is a service that I can auth cloud-based machines against<br>
&gt; for the second factor.  I know of many industries that would *have* to have<br>
&gt; a 2-factor solution to use cloud instances, so surely my google-fu is just<br>
&gt; not working...anyone gone down this road themselves yet?<br>
&gt; Brian<br>
</div></div>&gt; _______________________________________________<br>
&gt; cloud mailing list<br>
&gt; <a href="mailto:cloud@lists.fedoraproject.org">cloud@lists.fedoraproject.org</a><br>
&gt; <a href="https://admin.fedoraproject.org/mailman/listinfo/cloud" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/cloud</a><br>
&gt;<br>
&gt;<br>
_______________________________________________<br>
cloud mailing list<br>
<a href="mailto:cloud@lists.fedoraproject.org">cloud@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/cloud" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/cloud</a><br>
</blockquote></div><br></div>