What Kind Of Remote Authentication Do You Use?

Iphtashu Fitz asks: "I have worked for a number of companies that implement different types of security policies for remote access. This has ranged from simply setting up a PPTP server with static passwords to bastion hosts using authentication tokens like RSA Security's SecurID and CRYPTOCard's product by the same name. Most people agree that static passwords on a PPTP server aren't all that secure, and anyway it's not all that easy to integrate with Linux servers. SecurID and CRYPTOCard are much more secure because they use one-time passwords generated by hardware tokens. However, when I used SecurID it seemed that their tokens would regularly lose synchronization with the server (not to mention they would expire every two years or so and were expensive to replace). The CRYPTOCard keychain token doesn't have the synchronization problem that RSA's does but it's also a pain to use because of the way you enter a PIN into it. What kind of authentication system(s) do you use where you work? What do you like and hate about it? How would you make it better if you could?"

Kerberos

[finkployd]

Kerberos is generally the standard among Higher Education. PKI Certificate authentication is also explored quite a bit, but it suffers from being an architecture written almost entirely in Powerpoint.

We also use RSA Secure ID tokens, but only as a second form of auth and only required for highly sensitive operations.

We are also rolling out a web single sign on system which build off of Kerberos called Cosign.

Some of the more clueless departments (or those who simply do not know how to run anything else) are clamoring for a Windows Active Directory Domain, which we are going to provide, only it is going to be an authentication slave to our MIT Kerberos realm (There is no way in hell our access id and passwords will live on MS software)

Finkployd