two-factor auth for Fedora in "the cloud?"
Brian LaMere
brian at cukerinteractive.com
Sat Jan 29 04:33:32 UTC 2011
Yeah, I guess it's not really cloud specific, other than the idea that it's
for remote systems that are in networks I don't control, and it needs to be
a setup that is easily replicated/deployed...you know, like an AWS instance,
or such ;)
I had looked around for a pam module for the google auth not terribly long
ago and didn't find anything that was outside of alpha-level stuff.
Brian
On Fri, Jan 28, 2011 at 6:36 PM, Jeremy Katz <katzj at fedoraproject.org>wrote:
> Right, the AWS two factor auth is just for access to their stuff and
> not at all related to instance auth.
>
> You basically want anything that can be used for two factor auth in
> Fedora? The Yubikeys should work (http://www.yubico.com/yubikey) and
> I also vaguely remember that Google released a library with a pam
> module for their two factor auth a few months ago although I'm not
> finding a link to it in a quick check
>
> - Jeremy
>
> On Fri, Jan 28, 2011 at 4:42 PM, Brian LaMere
> <brian at cukerinteractive.com> wrote:
> > Anyone have luck setting up two-factor auth for Fedora in "the Cloud" -
> > preferably, at AWS? Yes, I got one of the token generators discussed
> > at http://aws.amazon.com/mfa/
> > However, those only appear to help with authentication to (per the faq):
> >
> > Secure pages on the AWS Portal (http://aws.amazon.com)
> > AWS Management Console (https://console.aws.amazon.com)
> >
> > What if I need to multi-factor auth to the instances themselves? Anyone
> > know if there's a service out there that does this for Fedora (or RedHat,
> > which can easily be made to work for...) instances in the "cloud?"
> > I'm used to doing this locally and then making the remote systems only
> allow
> > access via a limited number of machines (which themselves do 2-factor).
> I'm
> > now in a situation though with every workstation being outside the trust
> > zone completely, VPN not being something that could change that (too many
> > details...), and thus needing to accomplish the 2-factor in the cloud
> > itself. Most of the results from "two factor authentication cloud" I get
> > are about cloud-based providers authenticating the local
> machines...versus
> > what I need, which is a service that I can auth cloud-based machines
> against
> > for the second factor. I know of many industries that would *have* to
> have
> > a 2-factor solution to use cloud instances, so surely my google-fu is
> just
> > not working...anyone gone down this road themselves yet?
> > Brian
> > _______________________________________________
> > cloud mailing list
> > cloud at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/cloud
> >
> >
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20110128/50ca8373/attachment.html>
More information about the cloud
mailing list