[sudo-users] LDAP Password Security

Michael Ströder michael at stroeder.com
Tue Apr 7 13:03:41 MDT 2020


On 4/7/20 5:09 PM, LE BOUTER Leo wrote:
> TOTP for sudo auth sounds good, as long as the TOTP private key isn't
> on each and every server.
Yes, the shared secrets have to be stored in a central location and
validated there remotely.

But if your central 2FA solution takes the OT (one-time) in TOTP seriously,
you cannot use a TOTP value with clusterssh, ansible or whatever. It
gets even more complicated if your 2FA solution has multiple instances
for HA and your target systems access different instances.

Ciao, Michael.
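
The two points above (a strict one-time check rejects a code that is fanned out to several hosts, and independent HA instances with separate replay state do not), as an added Python example that is not part of the original message; the secret is the RFC 6238 test vector, the user and host names are made up:

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one 30-second time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class CentralValidator:
    """Central 2FA instance: holds the shared secrets and per-user replay state."""
    def __init__(self, secrets: dict, step: int = 30, window: int = 1):
        self.secrets = secrets
        self.step = step
        self.window = window
        self.last_counter = {}  # user -> highest time step already consumed

    def verify(self, user: str, code: str, now: float) -> bool:
        if user not in self.secrets:
            return False
        counter = int(now // self.step)
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter.get(user, -1):
                continue  # this step was already used: one-time means once
            if hmac.compare_digest(totp(self.secrets[user], c), code):
                self.last_counter[user] = c
                return True
        return False

# Constructed data: RFC 6238 test secret, made-up user and hosts.
SECRET = b"12345678901234567890"
HOSTS = ["web1", "web2", "db1"]

def fan_out_single_instance(now: float = 59.0) -> list:
    """Same code sent to every host, all hosts asking one validator."""
    v = CentralValidator({"leo": SECRET})
    code = totp(SECRET, int(now // 30))
    return [v.verify("leo", code, now) for _ in HOSTS]

def fan_out_split_ha(now: float = 59.0) -> list:
    """Same code, but each host talks to its own HA instance with separate state."""
    instances = [CentralValidator({"leo": SECRET}) for _ in HOSTS]
    code = totp(SECRET, int(now // 30))
    return [inst.verify("leo", code, now) for inst in instances]

if __name__ == "__main__":
    print("one instance:", fan_out_single_instance())   # [True, False, False]
    print("split HA:    ", fan_out_split_ha())          # [True, True, True]
```

The second function shows the HA caveat: unless the "last used" state is shared between instances, each one accepts the same code once, which silently defeats the one-time property.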

