[Samba] OTP authentication
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Jan 14 07:49:24 MST 2015
If I were going to do this, I would probably try moving to a Windows
200x AD domain controller, and implementing RSA SecurID on that
machine. I have not worked with other OTP solutions.
As far as I understand, if Samba is configured as a domain controller,
it expects to be able to handle the authentication itself.
OTP is , in my opinion, most valuable when you are exposing resources to
the Internet (e.g. a remote access solution, web-based corporate e-mail
etc.)
On 01/13/15 17:24, the2nd wrote:
> I've read about using clear text passwords with samba. But i think
> technically it should be possible that samba hands over the
> authentication to another component. If you join samba to a windows
> domain it does exaclty this. If you joined a linux machine to a
> Windows Domain you can use winbind and ntlm_auth to authenticate third
> party Software like squid against the windows dc also with sso. I
> would like to use it the other way. If it would be possible that samba
> calls an external tool to do ntlm challenge response auth i could use
> it with OTPme. :)
>
> -------- Ursprüngliche Nachricht --------
> Von: Gaiseric Vandal
> Datum:01.13.2015 22:57 (GMT+01:00)
> An: samba at lists.samba.org
> Betreff: Re: [Samba] OTP authentication
>
> On 01/13/15 16:21, the2nd at otpme.org wrote:
> > hi,
> >
> > i would like to ask if it would be possible to use samba with one time
> > passwords. i know there are commercial and OSS solutions to do this
> > (e.g. http://pgina.org/) but i would prefer to do it without any
> > software that needs to be installed on windows.
> >
> > would this technically be possible or is this already possible?
> >
> > regards
> > the2nd
>
>
> Samba at one point allowed you to use pam authentication. Which
> makes me think that you could then use it with the the RSA securid
> client software (or radius modules) to talk back to a RSA SecurID
> server. It would require unencrypted passwords which would then add a
> new security risk.
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list