Re: user authentication for a secure laptop.
On 20/10/14 03:40, peter@easthope.ca wrote:
> In wheezy, is there a routine means of allowing "login" on
> the machine itself without a password,
Do you mean using fingerprints as local authentication??
> while keeping traditional
> password authentication for any remote login.
Do you mean passphrase authenticated remote logins?
> From a superficial
> understanding of PAM, I'd guess that it can provide this capability.
>
> Thanks, ... Peter E.
>
>
>
>
>
It depends on your definition of "secure". It's confusing in the context
that you use it. Could you expand on that please (do you have a
published standard you need to meet)??
By the definition of secure I'm familiar with - remote password
authenticated access is forbidden, so is local autologin, and
unencrypted drives. With single-user boxes (netbooks) LUKS is used as
login authentication - with auto user login. Remote login requires
passphrases (and enforces all domain ssh encryption).
Remote boot 'would' be possible (ssh server in initramfs) - but "secure"
but might be problematic without further explanation of the local
authentication method you will be deploying and standard of "secure".
Kind regards
Reply to: