Documents in NSS

PAM & OpenOTP

How To Install and Configure PAM OpenOTP Plugin to Enable Multifactor Authentication on Linux Machines Simple login flow Push Login flow 1. Background On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules, and retrieving information about users (or even groups, host names, …) is done through another mechanism, called the Name Service Switch.

SpanKey SSH Key Management

1. Overview SpanKey is a centralised SSH key server for OpenSSH, which stores and maintains SSH public keys in a centralised LDAP directory (i.e. Active Directory). With SpanKey there is no need to distribute, manually expire or maintain the public keys on the servers. Instead the SpanKey agent is deployed on the servers and is responsible for providing the users’ public keys on-demand. SpanKey server provides per-host access control with “server tagging”, LDAP access groups, centralized management from the RCDevs WebADM console, shared accounts, privileged users (master keys), recovery keys… It supports public key expiration with automated workflows for SSH key renewal (via Self-Services).