Educause Security Discussion mailing list archives
Two factor authentication questions
From: "Wayne J. Hauber" <wjhauber () IASTATE EDU>
Date: Tue, 13 Oct 2009 11:14:43 -0500
My IT organization is considering two factor authentication. We have not been able to implement a central PKI environment. Lacking a central certificate structure, we decided to begin the project with a review of products that use tokens with rapidly changing passwords. We completed a very detailed review of a product that used password tokens and provided limited integration with Windows/Active Directory but very good integration with RACF. The first product was substandard. We will be reviewing RSA's product next. A few us old-time Windows consultants have been critical of solutions that grafted their own GINA (login environment) and schema onto Windows Active Directory. These products didn't offer a very comprehensive solution. Some solutions were very Windows-centric and ignored IBM RACF, Mac OS and Linux. We need to consider all of these systems too. We suspect that our first recipients of two factor authentication will be important system admins and important campus data stewards. That user group has not been finalized. A number of you have been using two factor authentication for a long time. I have questions: 1. What product are you using? 2a. Does it use native Windows two factor authentication support? 2b. Or does it require you to push out a separate GINA (login interface) and special active directory schema changes? 3. Is it a Windows only product? Or will it handle Linux, Mac OS and IBM RACF too? 4. Finally, what sort of initial user group have you chosen for the project? (for example: System admins only?, system admins and important data stewards?, all of campus?) Your experience will be valuable to our 2 factor authentication committee. Wayne Hauber (515) 294-9890 GCWN GCFA Information Technology Services IT Security and Policies 297 Durham Center, ISU, Ames, Iowa 50011 wjhauber () iastate edu
Current thread:
- Two factor authentication questions Wayne J. Hauber (Oct 13)
- <Possible follow-ups>
- Re: Two factor authentication questions Scott Dier (Oct 13)
- Re: Two factor authentication questions Greg Vickers (Oct 13)
- Re: Two factor authentication questions Mike Wiseman (Oct 14)