More auth options

[David Nalley]

On Mon, Mar 30, 2009 at 2:12 PM, Matthew Galgoci <mgalgoci at redhat.com> wrote:
>> Date: Mon, 30 Mar 2009 12:57:23 -0500
>> From: Dennis Gilmore <dennis at ausil.us>
>> Reply-To: Fedora Infrastructure <fedora-infrastructure-list at redhat.com>
>> To: Fedora Infrastructure <fedora-infrastructure-list at redhat.com>
>> Subject: More auth options
>>
>> So doing a liitle looking around I cane across some options that look
>> interesting,  the following options would mean you need to physically have
>> something to login.
>>
>> yubikey
>> http://www.yubico.com/products/yubikey/
>> It would require a pam module and for us to setup a server for managing keys.
>> it looks to be fairly low cost.   it would implement a 2 facter
>> authentication.
>>
>> etoken
>> http://www.aladdin.com/etoken/devices/pro-usb.aspx
>>
>> it moves the public key from your hard drive to something you physically need
>> to have
>>
>>
>> ubikey is max USD$25 where  the etoken is probably at least USD$30.  I would
>> think that with yubikey we could work out a deal with them to get a discount
>> in return for us being a case study/prominent user of there product.  all of
>> the software for yubikey AFAICT is open source.  some of it would require
>> packaging.
>
> Just FYI, Aladdin refused, REFUSED to sell me 4 keys when I attempted
> to purchase them through CDW because I did have or want to have an
> Aladdin PKI Console software license. Nevermind that I didn't actually
> need their Console software or that Red Hat has a PKI management
> product.
>
> In my opinion, avoid Aladdin even if you can manage to get keys through
> a tertiary party.


+1 - Aladdin makes a lot of DRM (for software, not media (that I know
of)) stuff too; all the more reason to avoid them.

If Ubikey is supplying an open source stack to go with their hardware
that sounds a more logical fit for the Fedora Project, and a more
symbiotic relationship.