[Samba] OTP authentication
the2nd at otpme.org
the2nd at otpme.org
Wed Jan 14 09:53:59 MST 2015
it's not a certain project that i need this for. its a general question
if this would be possible. i think OTPs are a good idea, also for
maybe some of the samba devs can shed some light on this?
On 2015-01-14 15:49, Gaiseric Vandal wrote:
> If I were going to do this, I would probably try moving to a Windows
> 200x AD domain controller, and implementing RSA SecurID on that
> machine. I have not worked with other OTP solutions.
> As far as I understand, if Samba is configured as a domain controller,
> it expects to be able to handle the authentication itself.
> OTP is , in my opinion, most valuable when you are exposing resources
> to the Internet (e.g. a remote access solution, web-based corporate
> e-mail etc.)
> On 01/13/15 17:24, the2nd wrote:
>> I've read about using clear text passwords with samba. But i think
>> technically it should be possible that samba hands over the
>> authentication to another component. If you join samba to a windows
>> domain it does exaclty this. If you joined a linux machine to a
>> Windows Domain you can use winbind and ntlm_auth to authenticate third
>> party Software like squid against the windows dc also with sso. I
>> would like to use it the other way. If it would be possible that samba
>> calls an external tool to do ntlm challenge response auth i could use
>> it with OTPme. :)
>> -------- Ursprüngliche Nachricht --------
>> Von: Gaiseric Vandal
>> Datum:01.13.2015 22:57 (GMT+01:00)
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] OTP authentication
>> On 01/13/15 16:21, the2nd at otpme.org wrote:
>> > hi,
>> > i would like to ask if it would be possible to use samba with one time
>> > passwords. i know there are commercial and OSS solutions to do this
>> > (e.g. http://pgina.org/) but i would prefer to do it without any
>> > software that needs to be installed on windows.
>> > would this technically be possible or is this already possible?
>> > regards
>> > the2nd
>> Samba at one point allowed you to use pam authentication. Which
>> makes me think that you could then use it with the the RSA securid
>> client software (or radius modules) to talk back to a RSA SecurID
>> server. It would require unencrypted passwords which would then add
>> new security risk.
>> -- To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba