[pve-devel] Two-Factor Authentication
Dietmar Maurer
dietmar at proxmox.com
Fri Jun 20 08:23:00 CEST 2014
> There are also other ways to implement two-factor authentication such as
> OATH TOTP (Google Authenticator) which is supported by many applications.
> The trend seems to be using apps or smartphones to implement TOTP.
> Malware will just start stealing the keys from phones making that method
> useless.
>
> Ideally Proxmox would implement Yubikeys and OATH TOTP as two-factor
> authentication options.
> Yubikey: API is down, your locked out
> OATH TOTP: Clocks out of sync, your locked out
I think about adding an 'oath' property in /etc/pve/datacenter.cfg
oath: server=server_ip_or_dns_name,type=yubicloud,api_id=...,api_key=...
Should be possible to support different types of validation servers (yubicloud, yubiserve)
Are there other important validation server types?
More information about the pve-devel
mailing list