On 8/25/2014 11:12 AM, ma...@mohawksoft.com wrote:
> With openvpn you can enable two-factor authentication and a lot more
> security.

You can do this with SSH, too. It's called "UsePAM" in OpenSSH, compiling Dropbear with PAM enabled, etc., plus appropriate PAM modules.

Then there's Kerberos. Verifiable trust is fundamental to Kerberos. This makes it more secure than X.509 which relies on root certificate authorities which, by design, cannot be verified to be trustworthy. If you Kerberize your services then you can use LDAP to manage access control to those services, and you can do it as finely or as coarsely as you want.

Put them all together and you have an authentication and access control system that makes OpenVPN look like a bad joke. What traditional VPN servers have over this is that they're easier to add to existing infrastructure than Kerberizing existing infrastructure.

-- 
Rich P.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
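
Added example, not part of the original message: a small audit that checks whether an sshd_config actually enforces a PAM-backed second factor, using the real OpenSSH keywords UsePAM and AuthenticationMethods. The three sample configurations and the function names are constructed for illustration, and Match blocks are deliberately not evaluated.

```python
# Constructed sample configurations (not taken from the original post).
PASSWORD_ONLY = """
UsePAM yes
PasswordAuthentication yes
"""
TWO_FACTOR = """
# key first, then a PAM-driven prompt (an OTP module in the sshd PAM stack)
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive:pam
"""
ONE_WEAK_PATH = """
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive publickey
"""

def parse_global(text):
    """Return global keywords, lowercased; sshd keeps the first value it sees."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":          # per-user/host overrides are out of scope
            break
        opts.setdefault(key, value)
    return opts

def audit(text):
    """List reasons this config does not enforce PAM-backed two-factor login."""
    opts = parse_global(text)
    findings = []
    # UsePAM defaults to "no" in upstream OpenSSH.
    if opts.get("usepam", "no").lower() != "yes":
        findings.append("UsePAM is not enabled")
    # AuthenticationMethods is a space-separated set of alternatives, each a
    # comma-separated chain; completing ANY one alternative logs the user in.
    alternatives = opts.get("authenticationmethods", "any").split()
    for alt in alternatives:
        if len(alt.split(",")) < 2:
            findings.append(f"'{alt}' lets a single method complete login")
    # keyboard-interactive is the method that carries PAM challenge prompts.
    if not any(m.startswith("keyboard-interactive")
               for alt in alternatives for m in alt.split(",")):
        findings.append("no alternative includes keyboard-interactive")
    return findings

if __name__ == "__main__":
    for name in ("PASSWORD_ONLY", "TWO_FACTOR", "ONE_WEAK_PATH"):
        print(name, audit(globals()[name]) or "ok")
```

The ONE_WEAK_PATH case is the one to watch for in review: a second, shorter alternative on the same AuthenticationMethods line quietly turns two-factor back into one.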