Multi-factor authentication


 
# 1  
Old 02-22-2013
Multi-factor authentication

Is anyone here familiar with implementing multi-factor authentication on HP-UX 11.31? Either with a PIV card, or with an RSA token? We've been tasked with implementing this on our servers, but I'm not finding much in the way of products or information. To complicate matters, our servers are running in Trusted Mode.

Any leads are appreciated, thanks.
# 2  
Old 02-22-2013
All authentication is done by PAM.
Read man pam
# 3  
Old 02-22-2013
If you have the money for the tokens (I have carried many), the vendors help you get set up. I am not an SA focused guy.

Once, I proposed writing a free lightweight one where on top of the password, there was a challenge-response from a small database or flat file. You take a printout home and answer from that. Challenges get a one time use, so you need to generate a new set and print it out now and then. I guess you could put it in a file and automate it. What you have and what you know = 2 things. You might be able to set it up as a shell wrapper in passwd that demands the response before starting your shell.
# 4  
Old 02-25-2013
Quote:
Originally Posted by DGPickett
If you have the money for the tokens (I have carried many), the vendors help you get set up. I am not an SA focused guy.
I'm familiar with using tokens to authenticate a VPN network connection, but I have not seen them in use for authenticating users to an individual server, especially an HP-UX server running in Trusted Mode. I could call around to the vendors and see what they can offer, but was more curious if anyone here had already implemented such a thing, and what products they used, and what their opinions were on the solution.

Quote:
Originally Posted by DGPickett
Once, I proposed writing a free lightweight one where on top of the password, there was a challenge-response from a small database or flat file. You take a printout home and answer from that. Challenges get a one time use, so you need to generate a new set and print it out now and then. I guess you could put it in a file and automate it. What you have and what you know = 2 things. You might be able to set it up as a shell wrapper in passwd that demands the response before starting your shell.
That's a clever idea, and may even meet our requirement. Running in Trusted Mode, however, I think would rule that out. Trusted Mode is a very different animal when it comes to user authentication.
# 5  
Old 02-26-2013
Why would trusted mode be different? It still lets users in with password to specified shell, if so configured, I expect, already, usually.
# 6  
Old 03-12-2013
Because trusted mode has a database of the users, and also restrictions for password aging, complexity requirements, and other things. And it shadows the passwd file.

Additionally, there are more than a few 3rd party applications that flat out don't work in Trusted Mode, and the application vendor does not support running in Trusted Mode.
# 7  
Old 03-12-2013
I am sure there are some behaviors for Trusted Mode after you log in, as some apps are not supported in it, but you mention things about login only.

My point is that by assigning a special shell to the account, you have an additional opportunity to apply access controls. I suppose that if stty processing is up before the shell, the tty might generate a signal, but the shell can handle that, and there is no other shell for it to break out to. The special shell can do additional authentication before exec*() of a normal shell or disconnect. It can even set a marker file for excess failed tries and lock the account.
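
The wrapper-shell idea from posts #3 and #7, sketched as an added example (not code posted by anyone in this thread): a one-time challenge table in a flat file, a failure counter with a lock marker, and an exec of the normal shell only after a correct response. The file locations, the `user:challenge:response` table format, the `mfa_*` names and the `gate` argument are all assumptions, and the sketch assumes the table and state directory are protected from tampering by the account being checked, which a login shell running as that user does not guarantee by itself.

```shell
#!/bin/sh
# Added example; paths, names and the table format are assumptions.
MFA_TABLE=${MFA_TABLE:-/etc/mfa/challenges}  # lines: user:challenge:response
MFA_STATE=${MFA_STATE:-/var/adm/mfa}         # fail counters and lock markers
MFA_MAX_FAILS=${MFA_MAX_FAILS:-3}
MFA_REAL_SHELL=${MFA_REAL_SHELL:-/usr/bin/sh}
umask 077

# Print the first unused challenge for user $1; non-zero status if none remain.
mfa_next_challenge() {
    awk -F: -v u="$1" '$1 == u { print $2; found = 1; exit }
                       END { exit !found }' "$MFA_TABLE"
}

# Delete the line for user $1, challenge $2, so it can never be replayed.
mfa_consume() {
    tmp="$MFA_TABLE.$$"
    awk -F: -v u="$1" -v c="$2" '!($1 == u && $2 == c)' "$MFA_TABLE" > "$tmp" &&
        mv "$tmp" "$MFA_TABLE"
}

# Check response $3 to challenge $2 for user $1.
# Returns 0 = accepted, 1 = rejected, 2 = account locked.
mfa_verify() {
    [ -e "$MFA_STATE/$1.locked" ] && return 2
    want=$(awk -F: -v u="$1" -v c="$2" '$1 == u && $2 == c { print $3; exit }' "$MFA_TABLE")
    mfa_consume "$1" "$2"                 # one-time use, right or wrong
    if [ -n "$want" ] && [ "$3" = "$want" ]; then
        rm -f "$MFA_STATE/$1.fails"
        return 0
    fi
    fails=$(( $(cat "$MFA_STATE/$1.fails" 2>/dev/null || echo 0) + 1 ))
    echo "$fails" > "$MFA_STATE/$1.fails"
    [ "$fails" -ge "$MFA_MAX_FAILS" ] && : > "$MFA_STATE/$1.locked"
    return 1
}

# Interactive gate: ignore tty signals, ask once, then exec the real shell.
mfa_gate() {
    trap '' INT QUIT TSTP
    user=$(id -un)
    chal=$(mfa_next_challenge "$user") || { echo "No challenges left."; exit 1; }
    printf 'Challenge %s: ' "$chal"
    IFS= read -r resp || exit 1
    mfa_verify "$user" "$chal" "$resp" || { echo "Authentication failed."; exit 1; }
    trap - INT QUIT TSTP              # ignored signals would be inherited
    exec "$MFA_REAL_SHELL"
}

if [ "${1:-}" = "gate" ]; then mfa_gate; fi
```

A challenge is consumed whether the answer was right or wrong, so a printed pair cannot be guessed at repeatedly, and a locked account is refused before any challenge is spent.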