doc:howto:wikid

Differences

This shows you the differences between two versions of the page.

doc:howto:wikid [2014/07/14 14:15]
nowen created
doc:howto:wikid [2017/01/19 14:05] (current)
stefanbaur ↷ Page moved from doc:deployment-stories:wikid to doc:howto:wikid
Line 1: Line 1:
-Remote access is often a risky proposition, mostly due to poor authentication. This document will show how simple it is to add two-factor authentication to X2Go on Ubuntu 12.04, thanks to it's support for PAM.  +Remote access is often a risky proposition, mostly [[https://www.wikidsystems.com/WiKIDBlog/dbir-once-again-makes-the-case-for-two-factor-authentication|due to poor authentication]]. This document will show how simple it is to add two-factor authentication to X2Go on Ubuntu 12.04, thanks to it's support for PAM.   
  
-We recommend organizations standardize on an authentication protocol and choose products and plan implementations around that choice.  We recommend RADIUS. All major remote access solutions support it.  You can tie in your directory infrastructure into the authentication process and all major two-factor authentication solutions support it, including WiKID.  Of course, PAM support radius. +We recommend organizations standardize on an authentication protocol and choose products and plan implementations around that choice.  We recommend RADIUS. All major remote access solutions support it.  You can tie in your directory infrastructure into the authentication process and all major two-factor authentication solutions support it, including [[https://www.wikidsystems.com|WiKID]].  Of course, PAM supports radius. 
  
 To install pam-radius on Ubuntu: To install pam-radius on Ubuntu:
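Review bot: The first added paragraph still reads "thanks to it's support for PAM"; that should be the possessive "its", and it is worth fixing in the same revision that corrects "PAM support radius". The second paragraph also mixes "RADIUS" and "radius" for the protocol name ("We recommend RADIUS" versus "PAM supports radius"); pick the upper-case form throughout so readers do not mistake the lower-case one for a package or file name.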
Line 7: Line 7:
 ''$ sudo apt-get install libpam-radius-auth'' ''$ sudo apt-get install libpam-radius-auth''
  
-Now we just need to tell pam-radius where to proxy the authentication requests.  Edit the file /etc/pam_radius_auth.conf. Edit the line "other-server; other-secret 3"; replacing 'other-server' with IP address or hostname of your WiKID Strong Authentication server or radius server if you have one set up in between WiKID and your servers and change 'other-secret' the shared secret for this network client.+Now we just need to tell pam-radius where to proxy the authentication requests.  Edit the file /etc/pam_radius_auth.conf. Edit the line ''other-server; other-secret 3''; replacing 'other-server' with IP address or hostname of your WiKID Strong Authentication server or radius server if you have one set up in between WiKID and your servers and change 'other-secret' the shared secret for this network client.
  
 Now we need  to tell PAM to use radius for authentication for SSH/X2Go.   Now we need  to tell PAM to use radius for authentication for SSH/X2Go.  
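Review bot: In the added /etc/pam_radius_auth.conf sentence, the semicolon now sits inside the monospaced span ("other-server; other-secret 3"), so it reads as part of the configuration line rather than as sentence punctuation; the entries in that file are whitespace-separated, so drop the semicolon from the quoted line. The same sentence is missing a word in "change 'other-secret' the shared secret" (should be "to the shared secret"). Because this file holds the RADIUS shared secret, the paragraph should also tell the reader to keep it readable by root only.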
Line 16: Line 16:
 ''auth       sufficient  pam_radius_auth.so'' ''auth       sufficient  pam_radius_auth.so''
  
 +Just above the line:
 +''# Standard Un*x authentication.
 +@include common-auth''
 +
 +That's all there is to it. Users will still need an account on the system.  Users will login with their username and the one-time passcode. 
 +
 +While we think you should use two-factor authentication (surprise, we sell it!).  This same setup can be used with [[https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-openldap-and-freeradius?searchterm=freeradi|Freeradius/OpenLDAP]] and [[https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-nps|NPS/AD]] to tie your authentications into your directory with or without two-factor.    
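Review bot: The added placement note puts "auth sufficient pam_radius_auth.so" just above "@include common-auth", and with the "sufficient" control flag a failed RADIUS check does not end authentication: PAM falls through to common-auth, so a local password alone still logs the user in. That conflicts with the added sentence "Users will login with their username and the one-time passcode", which reads as if the passcode were mandatory. Either state the fallback explicitly, or describe how to make the RADIUS check mandatory for sites that want to enforce the second factor. Separately, "While we think you should use two-factor authentication (surprise, we sell it!)." is a sentence fragment; join it to the following sentence with a comma.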
doc/howto/wikid.1405347323.txt.gz · Last modified: 2014/07/14 14:15 by nowen