Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Discuss] vnc

On 8/25/2014 11:12 AM, markw at wrote:
> With openvpn you can enable two-factor authentication and a lot more
> security.

You can do this with SSH, too. It's called "UsePAM" in OpenSSH,
compiling Dropbear with PAM enabled, etc., plus appropriate PAM modules.

Then there's Kerberos. Verifiable trust is fundamental to Kerberos. This
makes it more secure than X.509 which relies on root certificate
authorities which, by design, cannot be verified to be trustworthy.

If you Kerberize your services then you can use LDAP to manage access
control to those services, and you can do it as finely or as coarsely as
you want.

Put them all together and you have an authentication and access control
system that makes OpenVPN look like a bad joke. What traditional VPN
servers have over this is that they're easier to add to existing
infrastructure than Kerberizing existing infrastructure.

Rich P.
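
As an added illustration of the SSH-with-PAM approach mentioned in the message above (not part of the original post and not OpenSSH's own code), this Python sketch audits the global section of an `sshd_config` for a PAM-backed second step. The function names, the sample configs and the policy it checks (every allowed method list needs at least two methods, one of them keyboard-interactive) are assumptions made for the example.

```python
import re

# Upstream OpenSSH defaults (assumption: a distribution may ship others).
DEFAULTS = {"usepam": "no", "kbdinteractiveauthentication": "yes",
            "authenticationmethods": "any"}
# ChallengeResponseAuthentication is a deprecated alias in current OpenSSH.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")

def parse_global(text):
    """Effective global settings; sshd keeps the first value it reads."""
    seen = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1).startswith("#"):
            continue
        key = m.group(1).lower()
        if key == "match":  # Match blocks (per-user overrides) are not audited
            break
        seen.setdefault(ALIASES.get(key, key), m.group(2).strip().lower())
    return {**DEFAULTS, **seen}

def audit_2fa(text):
    """Return findings; an empty list means the assumed policy is enforced."""
    cfg = parse_global(text)
    findings = []
    if cfg["usepam"] != "yes":
        findings.append("UsePAM is not 'yes': PAM modules are never consulted")
    if cfg["kbdinteractiveauthentication"] != "yes":
        findings.append("keyboard-interactive is off: PAM cannot prompt")
    for alt in cfg["authenticationmethods"].split():
        methods = [m.split(":")[0] for m in alt.split(",")]
        if len(methods) < 2 or "keyboard-interactive" not in methods:
            findings.append(f"AuthenticationMethods '{alt}' lacks a second PAM step")
    return findings

# Constructed sample configs, not taken from any real host.
WEAK = "UsePAM yes\nPasswordAuthentication yes\n"
HARDENED = """# constructed sample
UsePAM yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive:pam
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_2fa(conf) or "OK")
```

The second factor itself still comes from whichever PAM module is configured for sshd; this check only confirms that sshd will actually route logins through it.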

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
