Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Two Factor Windows Shares

From: Dan Peterson <drpeterson () ES NET>
Date: Thu, 25 Aug 2011 09:39:09 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AD supports Token/client certificate based authentication.
However once logged in things like "pass the hash" still work,

I would ask of the original poster what problem is being solved here?

 
- --
Dan

- -----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joe St Sauver
Sent: Thursday, August 25, 2011 9:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Two Factor Windows Shares

Regarding:


I want to have a file server (preferably Windows) where the shares are 
protected by two factor authentication. The share would have 
permissions assigned to Active Directory users as a normal file share 
would. But if the user goes to the share I want it to prompt them for 
non-AD credentials such as a finger print.


I'm not a Samba person myself, and maybe not exactly what you were looking
for, but it looks like Samba supports use of client certificates as an
authentication option, see for example
http://oreilly.com/openbook/samba/book/appa_05.html

Regards,

Joe


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.1.2 (Build 9)
Charset: US-ASCII

wj8DBQFOVnq05chTNtilRz8RAlsAAKCtYy3aLMkpo1/vlMJqk9e1VJjyaQCgmRLt
xmmFfM7qNu7krRi0jWiA9k8=
=z0BA
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: