Comments on Manage two factor authentication in your serverfarm with privacyIDEA easily
Manage two factor authentication in your serverfarm with privacyIDEA easily

In this howto I will show how you can use a privacyIDEA installation to add two factor authentication for many of the servers in your serverfarm. privacyIDEA is a modular solution for two factor authentication, especially with OTP tokens. Due to its modular structure it can be quickly and easily adapted and enhanced. E.g. adding new token types is as simple as writing a new lean Python module. You do not need to modify your network for privacyIDEA; it does not write to existing databases or user stores. It only needs read access to your user stores like LDAP, Active Directory, SQL, SCIM-service or flat files. privacyIDEA supports all usual push-button-tokens, OTP cards and smartphone apps.
3 Comment(s)
Comments
What happens if I have to take the server temporarily out of the network for some maintenance? Will I be able to log in without Internet connection?
You are right. This is online-authentication like any other RADIUS authentication. I assume that the ssh server and the privacyIDEA server are on the same network. If the uplink is down, you cannot reach your servers. If the switch is down, you have the same problem. So if you worry about shutting down the privacyIDEA system for maintenance you are worrying about availability. So of course I recommend redundancy. Set up two systems with 2 RADIUS servers and a synchronizing database. E.g. this is possible with a MySQL master-master replication.
Kind regards
Cornelius
If you configured sshd right, you can still authenticate with ssh keys.