Re: user authentication for a secure laptop.

To: debian-user@lists.debian.org
Subject: Re: user authentication for a secure laptop.
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Mon, 20 Oct 2014 07:04:41 +1100
Message-id: <[🔎] 54441959.3040501@gmail.com>
In-reply-to: <[🔎] E1XftWl-0000pt-Ow@armada.invalid>
References: <[🔎] E1XftWl-0000pt-Ow@armada.invalid>

On 20/10/14 03:40, peter@easthope.ca wrote:
> In wheezy, is there a routine means of allowing "login" on 
> the machine itself without a password, 

Do you mean using fingerprints as local authentication??

> while keeping traditional 
> password authentication for any remote login.  

Do you mean passphrase authenticated remote logins?

> From a superficial 
> understanding of PAM, I'd guess that it can provide this capability.
> 
> Thanks,                         ... Peter E.
> 
> 
> 
> 
> 

It depends on your definition of "secure". It's confusing in the context
that you use it. Could you expand on that please (do you have a
published standard you need to meet)??

By the definition of secure I'm familiar with - remote password
authenticated access is forbidden, so is local autologin, and
unencrypted drives. With single-user boxes (netbooks) LUKS is used as
login authentication - with auto user login. Remote login requires
passphrases (and enforces all domain ssh encryption).

Remote boot 'would' be possible (ssh server in initramfs) - but "secure"
but might be problematic without further explanation of the local
authentication method you will be deploying and standard of "secure".

Kind regards

Reply to:

Follow-Ups:
- Re: user authentication for a secure laptop.
  - From: peter@easthope.ca

References:
- user authentication for a secure laptop.
  - From: peter@easthope.ca

Prev by Date: Re: linux-image-3.16-3-amd64
Next by Date: Re: Moderated posts?
Previous by thread: user authentication for a secure laptop.
Next by thread: Re: user authentication for a secure laptop.
Index(es):
- Date
- Thread