On Mon, Mar 30, 2009 at 2:12 PM, Matthew Galgoci <mgalgoci(a)redhat.com> wrote:
> Date: Mon, 30 Mar 2009 12:57:23 -0500
> From: Dennis Gilmore <dennis(a)ausil.us>
> Reply-To: Fedora Infrastructure <fedora-infrastructure-list(a)redhat.com>
> To: Fedora Infrastructure <fedora-infrastructure-list(a)redhat.com>
> Subject: More auth options
>
> So doing a liitle looking around I cane across some options that look
> interesting, the following options would mean you need to physically have
> something to login.
>
> yubikey
>
http://www.yubico.com/products/yubikey/
> It would require a pam module and for us to setup a server for managing keys.
> it looks to be fairly low cost. it would implement a 2 facter
> authentication.
>
> etoken
>
http://www.aladdin.com/etoken/devices/pro-usb.aspx
>
> it moves the public key from your hard drive to something you physically need
> to have
>
>
> ubikey is max USD$25 where the etoken is probably at least USD$30. I would
> think that with yubikey we could work out a deal with them to get a discount
> in return for us being a case study/prominent user of there product. all of
> the software for yubikey AFAICT is open source. some of it would require
> packaging.
Just FYI, Aladdin refused, REFUSED to sell me 4 keys when I attempted
to purchase them through CDW because I did have or want to have an
Aladdin PKI Console software license. Nevermind that I didn't actually
need their Console software or that Red Hat has a PKI management
product.
In my opinion, avoid Aladdin even if you can manage to get keys through
a tertiary party.
+1 - Aladdin makes a lot of DRM (for software, not media (that I know
of)) stuff too; all the more reason to avoid them.
If Ubikey is supplying an open source stack to go with their hardware
that sounds a more logical fit for the Fedora Project, and a more
symbiotic relationship.