Security Basics mailing list archives

Single sign on

From: "Niall O Malley (LMI)" <Niall.OMalley () eei ericsson se>
Date: Mon, 9 Dec 2002 09:54:42 +0100

Does anyone have any good links for a single sign on solution. Any material would also be appreciated.

regards

Niall

-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de]
Sent: Friday, December 06, 2002 6:51 AM
To: security-basics () lists securityfocus com
Subject: Re: RE: How to authentificate an user via telephon?

Darryl,

the Programm PasswordStation sounds really great - if the costumer have a single sign on it would be the best solution!

Robert

"Darryl  W. Malcolm" <DMalcolm () acuent com> schrieb am 05.12.02 23:26:23:

Avatier has a product which would allow users to reset their own passwords

-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de]
Sent: Wednesday, December 04, 2002 1:51 PM
To: security-basics () lists securityfocus com
Subject: AW: How to authentificate an user via telephon?

Thanks for all replies! 

For me it ist a very hard question because I don't 
know where all of the up to 20.000 clients are 
located - there are also RAS users with tokens
ode PKI chipcards. The other problem is that all
clients are employed by bank institutes and so 
passwords are more critical than in other cases

I thought about th following procedurs:

- help desk has two telephone numbers
- the client will get a call back from help
desk

Well, lets see.

Robert

-----Ursprungliche Nachricht-----
Von: bsm14096 () ad creighton edu [mailto:bsm14096 () ad creighton edu]
Gesendet: Mittwoch, 4. Dezember 2002 18:43
An: Robert Sieber; security-basics () lists securityfocus com
Betreff: RE: How to authentificate an user via telephon?


Robert,

In a past life we would send the new password to a known email address
for the person whose account is reset. If email is not available we
would leave the reset password on the users voice mail.  Both systems
would only be accessible by the person whose account is reset.  If
someone other than the owner of the account requests a reset, the
account is still safe, assuming email and vmail are secure.

Bryan

-----Original Message-----
From: Robert Sieber [mailto:rsieber () web de] 
Sent: Tuesday, December 03, 2002 12:50 PM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?

Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you 
has to determin wheter the user is the correct 
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

-- 
http://board.protecus.de - Firewalls, Security and more ...



______________________________________________________________________________
Wie ware das: mehrere E-Mail Adressen - aber nur ein Postfach ?
Kein Problem mit WEB.DE FreeMail - http://freemail.web.de/features/?mc=021127

Current thread:

Single Sign on Niall O Malley (LMI) (Dec 09)
- Re: Single Sign on Todd Plesco (Dec 09)
- RE: Single Sign on Rick Darsey (Dec 09)
- Re: Single Sign on corea2k (Dec 10)
- <Possible follow-ups>
- Single sign on Niall O Malley (LMI) (Dec 09)
  - RE: Single sign on Sarbjit Singh Gill (Dec 10)
  - RE: Single sign on Colleen Nelson (Dec 11)
- RE: Single sign on Vachon, Scott (Dec 10)
- RE: Single Sign on Lam.KW (Dec 10)