Educause Security Discussion mailing list archives
Re: Two Factor Windows Shares
From: Rich Graves <rgraves () CARLETON EDU>
Date: Thu, 25 Aug 2011 15:26:26 -0500
AD supports Token/client certificate based authentication. However once logged in things like "pass the hash" still work
OTP fobs for desktop login can be a good alternative to user-hostile password complexity rules, but they're not an additional network security layer. Depending on the threat/compliance goal, they could suffice. They (mostly) stop phishing and can be good answers to the "I'm going on vacation, here's my password" sort of problem. Joe: Yeah, Samba clients and servers support wrapping the whole session in SSL, possibly with client certs. Windows clients, though, don't. I think Samba added this in the mid-90's just because they could.
Current thread:
- Two Factor Windows Shares Daniel Bennett (Aug 22)
- Re: Two Factor Windows Shares Rich Graves (Aug 25)
- <Possible follow-ups>
- Re: Two Factor Windows Shares Joe St Sauver (Aug 25)
- Re: Two Factor Windows Shares Dan Peterson (Aug 25)
- Re: Two Factor Windows Shares Rich Graves (Aug 25)
- Re: Two Factor Windows Shares Dan Peterson (Aug 25)