Re: Debian two-factor auth, GSoC?
On 11/04/13 21:25, Tollef Fog Heen wrote:
> ]] Luca Filipozzi
>
>> I can help with a GSoC but I think DSA would prefer to lean in the direction of
>> the above.
>
> I'm also happy to help with it. I have a bit of experience with the
> yubikey tokens, and at least one of the upstreams is on the path to
> DDship, so I think we're reasonably well covered there.
Simon has actually asked me to review his Yubikey related packages, they
are on mentors already and any other reviews would be really helpful for
something like this:
http://mentors.debian.net/package/yubikey-ksm
http://mentors.debian.net/package/yubikey-val
>> Finally, if we are going to require DDs to have a physical object, I'm more in
>> favour of an OpenPGP token than an OTP token. The OpenPGP token could then
>> power gpg (yes, Luca, we get that :) ) and act as an ssh-agent. Couple that
>> with OTP, and we have quite strong overall solution, I think.
>
> The Yubikey neo can run the java applet thingies, it seems, so it can
> act as a GPG token too.
>
My dynalogin 0.9 packages in wheezy only support HOTP, but the 1.0
release (currently parked in experimental) supports TOTP too. dynalogin
isn't really an algorithm itself, it is just a transport mechanism for
using this stuff within a distributed environment. Underneath, it is
Simon's oath-toolkit library doing the algorithms.
As for the GSoC project, the packages mentioned on the wiki are just
examples and the scope is potentially quite broad
Reply to: