[X2Go-Commits] [[X2Go Wiki]] page changed: doc:deployment-stories:wikid

wiki-admin at x2go.org wiki-admin at x2go.org
Thu Jan 19 15:05:25 CET 2017


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2017/01/19 14:05
Browser     : Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
IP-Address  : 78.43.90.159
Hostname    : HSI-KBW-078-043-090-159.hsi4.kabel-badenwuerttemberg.de
Old Revision: http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid?rev=1405348881
New Revision: http://wiki.x2go.org/doku.php/doc:deployment-stories:wikid
Edit Summary: ↷ Page moved from doc:deployment-stories:wikid to doc:howto:wikid
User        : stefanbaur

@@ -1,24 +1 @@
- Remote access is often a risky proposition, mostly [[https://www.wikidsystems.com/WiKIDBlog/dbir-once-again-makes-the-case-for-two-factor-authentication|due to poor authentication]]. This document will show how simple it is to add two-factor authentication to X2Go on Ubuntu 12.04, thanks to it's support for PAM.   
  
- We recommend organizations standardize on an authentication protocol and choose products and plan
implementations around that choice.  We recommend RADIUS. All major remote access solutions support it.  You can tie in your directory infrastructure into the authentication process and all major two-factor authentication solutions support it, including [[https://www.wikidsystems.com|WiKID]].  Of course, PAM supports radius. 
- 
- To install pam-radius on Ubuntu:
- 
- ''$ sudo apt-get install libpam-radius-auth''
- 
- Now we just need to tell pam-radius where to proxy the authentication requests.  Edit the file /etc/pam_radius_auth.conf. Edit the line ''other-server; other-secret 3''; replacing 'other-server' with IP address or hostname of your WiKID Strong Authentication server or radius server if you have one set up in between WiKID and your servers and change 'other-secret' the shared secret for this network client.
- 
- Now we need  to tell PAM to use radius for authentication for SSH/X2Go.  
- 
- Edit the file /etc/pam.d/sshd.
- 
- Add the line:
- ''auth       sufficient 
pam_radius_auth.so''
- 
- Just above the line:
- ''# Standard Un*x authentication.
- @include common-auth''
- 
- That's all there is to it. Users will still need an account on the system.  Users will login with their username and the one-time passcode. 
- 
- While we think you should use two-factor authentication (surprise, we sell it!).  This same setup can be used with [[https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-openldap-and-freeradius?searchterm=freeradi|Freeradius/OpenLDAP]] and [[https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-add-two-factor-authentication-to-nps|NPS/AD]] to tie your authentications into your directory with or without two-factor.    


-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/



More information about the x2go-commits mailing list