Centrelink have developed a
Protocol for Lightweight Authentication of Identity (PLAID). This might work well with the
Yubikey open source hardware security device. Centrelink are holding
free workshops in the USA later in the month, to interest smartcard developers in PLAID. But they may not need to travel that far, as there are Yubikey developers meeting in Canberra, a few kilometres from the Centrelink office on "
Yubikeys in the Enterprise":
The next PSIG meeting is June 11th
Speaker- Bob Edwards
- Talk
Bob will be talking about programming systems to interface with the Yubikey.
During this presentation, Bob will be demonstrating:
- how a yubikey works
- how to reprogram a yubikey with your own AES 128-bit key and IDs
- an open source server he has written in C to authenticate yubikeys
- how to add yubikey authentication to a web site and to SSH (via PAM)
The yubikey server C code will be examined demonstrating
principles of:
- connecting to and querying a PostgreSQL database
- authenticating via Pluggable Authentication Modules (PAM)
- emulating an LDAP servers bind method
- performing Secure Socket Layer (SSL) communications
- other C stuff (logging errors etc., parsing a config file, going into daemon mode, avoiding global variables and gotos - just because, etc.)
All constructive criticism eagerly welcomed... (except for those saying "I could do that in 3 lines of Python...")
Any experts on autoconf/automake configuration especially welcome...
From: Canberra Linux Users Group, CLUG, 2009
The slides are available from Bob Edwards talk: "Yubikeys in the Enterprise".
ReplyDeleteAlso there is a discussion of security using such devices in the Canberra Lunux Mailing list.