[REDMINE ISSUE 22] Strong Auth/OTP Support

This forum is locked. Feature requests have been moved to JIRA.

[REDMINE ISSUE 22] Strong Auth/OTP Support

Postby flavio.vettori » Fri May 20, 2011 5:27 am

Hi all,
it would be nice to have support for a dialog box asking for a one-time password token, which is usually merged with the simple password (the one stored in the mRemote profile) in strong auth systems.

Thank you,

Flavio
flavio.vettori
 
Posts: 5
Joined: Fri May 20, 2011 2:27 am


Re: Strong Auth/OTP Support

Postby thrilleratplay » Wed May 25, 2011 3:25 pm

What you are looking for is just a single password for encrypting passwords and nothing more? I am curious if it is just the connection conf file you are worried about or locking mRemoteNG to prevent others from accessing it when at a physical open workstation?

We hope to add in more support for other forms of storing connection information, such as complete SQL Server support, MySQL and Access. With these there would be the option to store the password locally or to prompt for it when opening mRemoteNG. For XML files, I was thinking about allowing the user to encrypt the entire file by hashing it using their own password, but there would need to be a great deal of testing done and a safeguard of some sort added.
thrilleratplay
 
Posts: 91
Joined: Wed Jan 12, 2011 9:21 pm

Re: [REDMINE ISSUE 22] Strong Auth/OTP Support

Postby flavio.vettori » Mon Jun 13, 2011 1:52 am

Sorry, I wasn't checking the forum for a while, so I missed your reply.

Let me try to explain, even if this ain't my focus, so I might be a little confusing (hope not).

In a strong authentication environment you cannot use a stored user/password couple to authenticate against a database: given this statement, one solution is to adopt a One Time Password framework where usually the user is given a physical token generator whose algorithm is shared with a server-side machine;

when the user tries to gain access to the system, typically he must enter logon information based on a username, unique and always known, and a password created from the merge of a pass-phrase and the "one-time-token".
So:

-user= user1
-password=abc321
-randomtoken=?????
-logonpassword=abc321+??????

Every time I log into a system I need to provide that form of "logonpassword", where "abc321" can be saved into mRemoteNG but "randomtoken" has to be asked for every time.

Hope I was able to explain.

Thank you,
Flavio
flavio.vettori
 
Posts: 5
Joined: Fri May 20, 2011 2:27 am

Re: [REDMINE ISSUE 22] Strong Auth/OTP Support

Postby thrilleratplay » Mon Jun 13, 2011 6:58 pm

I think I understand.

I used to log in using a Cisco VPN key fob system. To access the network, I entered a username, and for the password it was a four-digit PIN and a 6-digit token that was generated every 10 seconds on a key fob I had on me. Without the generated token for that 10-second window, I would not be able to log in using the username and PIN.

The type of system this is implemented on is typically manufactured by a network security company (Cisco, RSA, ...). This is more of a VPN tunnel and I cannot see this being added to mRemote. There are too many different remote systems and VPN types to be able to implement or support it.
thrilleratplay
 
Posts: 91
Joined: Wed Jan 12, 2011 9:21 pm

Re: [REDMINE ISSUE 22] Strong Auth/OTP Support

Postby rmcardle » Mon Jun 13, 2011 8:49 pm

There are some systems that work by just adding the OTP to the end of a normal password. That could be accommodated by mRemoteNG, but I'll have to think about the UI design for configuring that.
rmcardle
Site Admin
 
Posts: 459
Joined: Thu Jan 07, 2010 3:40 pm

Re: [REDMINE ISSUE 22] Strong Auth/OTP Support

Postby flavio.vettori » Tue Jun 14, 2011 4:43 am

Actually, we're using this method to access every machine in our systems which can rely on an external authentication authority (RADIUS, TACACS, Kerberos), such as appliances, servers, devices... that means RDP, SSH or Telnet sessions.

This situation made me hunt for a workaround for a while: the fix in my case was to keep mRemoteNG as the database for classic username/pw couples but to refer to a custom external app (with some scripting support, even a .vbs) for everything about the connection type, basing the choice on the "Port" parameter.

So I run my ext_app from "mremoteng command line" passing %hostname% %username% %password% %port% to a script, popping OTP request and so on. Ugly solution.

Thanks, bye
flavio.vettori
 
Posts: 5
Joined: Fri May 20, 2011 2:27 am
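
The workaround described in the post above, sketched as an added example (not code from the thread or from mRemoteNG): a wrapper receives host, username, stored pass-phrase and port, prompts for the OTP without echo, and picks the session type from the port. The port table, the 6-digit token format, the `connect-*` launcher names and the `LOGON_PASSWORD` variable are assumptions made for illustration.

```python
"""External-tool wrapper: otp_wrapper.py HOST USER PASSPHRASE PORT (added example)."""
import getpass
import os
import re
import subprocess
import sys

# Assumption: the session type is chosen from the port, as the post describes.
PROTOCOL_BY_PORT = {22: "ssh", 23: "telnet", 3389: "rdp"}
# Assumption: tokens are exactly 6 decimal digits; adjust to the token in use.
OTP_RE = re.compile(r"\d{6}")
# Hypothetical launchers that read the secret from the LOGON_PASSWORD variable.
LAUNCHERS = {"ssh": "connect-ssh", "telnet": "connect-telnet", "rdp": "connect-rdp"}


def logon_password(passphrase, otp):
    """Return pass-phrase + OTP, rejecting input that is not a well-formed token."""
    otp = otp.strip()
    if not OTP_RE.fullmatch(otp):
        raise ValueError("OTP must be exactly 6 digits")
    return passphrase + otp


def plan_session(host, user, passphrase, port, otp):
    """Build (argv, env) for the child; the secret travels in env, never in argv."""
    port = int(port)
    if port not in PROTOCOL_BY_PORT:
        raise ValueError(f"no session type configured for port {port}")
    launcher = LAUNCHERS[PROTOCOL_BY_PORT[port]]
    argv = [launcher, "--host", host, "--port", str(port), "--user", user]
    env = dict(os.environ, LOGON_PASSWORD=logon_password(passphrase, otp))
    return argv, env


def main(args):
    if len(args) != 4:
        sys.exit("usage: otp_wrapper.py HOST USER PASSPHRASE PORT")
    host, user, passphrase, port = args
    otp = getpass.getpass(f"OTP for {user}@{host}: ")  # not echoed, never stored
    try:
        argv, env = plan_session(host, user, passphrase, port, otp)
    except ValueError as exc:
        sys.exit(f"refusing to connect: {exc}")
    return subprocess.call(argv, env=env)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The stored pass-phrase still reaches the wrapper on its own command line, because that is how the `%password%` variable is passed; the environment hand-off only keeps the combined logon password out of the child's arguments.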

Re: [REDMINE ISSUE 22] Strong Auth/OTP Support

Postby ctux » Wed Jul 20, 2011 12:40 am

+1

In some of my cases too, a popup that asks for a password (or OTP), used alone or as a suffix to a previously saved one, would be very convenient.

I would like the implementation of this feature! ;-)
ctux
 
Posts: 1
Joined: Fri May 20, 2011 1:47 am

