Re: combine pam-usb and pam-ldapd ?
- From: Hatem Nassrat <hnassrat [at] gmail.com>
- To: Karl Kashofer <karl.kashofer [at] gmx.at>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: combine pam-usb and pam-ldapd ?
- Date: Mon, 12 Dec 2011 11:54:36 -0400
On Mon, Dec 12, 2011 at 4:09 AM, Karl Kashofer <karl.kashofer@gmx.at> wrote:
> Thanks for the fast replies, Hatem, Tim and Arthur!
>
> Yes, what I want is central user management on the server and easy and secure
> authentication on clients.
>
> We would create users on the server and issue usb-sticks with keys to
> employees. The stick contains a secret that together with the secret on the
> server allows the identification, authentication and login without any user
> intervention (or alternatively with a password to unlock the key).
>
> pam-usb seems to store one-time pads on the usb-stick, but anything that
> allows to identify the user in a secure way should suffice.
>
> With the sticks the user can unlock any machine on the network, which then
> mounts their ~home. Basically it's like a smartcard solution, just without
> smartcard.
I believe, from what I read (the actual pamusb site seems to be
non-responsive), that pam-usb stores the user keys in the users' home
directories. The following bug report hints at that:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495916
From the bug report, it seems that installing the following should do
what you want:
pam-usb
pam-ldap
autofs
Where autofs is set up to automatically mount the users' home
directories (check out auto_home:
http://www.linux-consulting.com/Amd_AutoFS/autofs-5.html )
I am not 100% sure if this is how pam-usb works but it seems like this
would do it.
Thanks,
--
Hatem Nassrat