[Discuss] vnc
Richard Pieri
richard.pieri at gmail.com
Mon Aug 25 12:05:55 EDT 2014
On 8/25/2014 11:12 AM, markw at mohawksoft.com wrote:
> With openvpn you can enable two-factor authentication and a lot more
> security.
You can do this with SSH, too. It's called "UsePAM" in OpenSSH,
compiling Dropbear with PAM enabled, etc., plus appropriate PAM modules.
Then there's Kerberos. Verifiable trust is fundamental to Kerberos. This
makes it more secure than X.509 which relies on root certificate
authorities which, by design, cannot be verified to be trustworthy.
If you Kerberize your services then you can use LDAP to manage access
control to those services, and you can do it as finely or as coarsely as
you want.
Put them all together and you have an authentication and access control
system that makes OpenVPN look like a bad joke. What traditional VPN
servers have over this is that they're easier to add to existing
infrastructure than Kerberizing existing infrastructure.
--
Rich P.
More information about the Discuss
mailing list