Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [two-factor-authentication]

33 questions
11
votes
1 answer

U2F (YubiKey, etc) and Active Directory

I'm searching for information about how to integrate U2F (using YubiKey or similar devices) into an Active Directory Windows Domain (Will be a Windows 2016 Server). Especially I'm interested in securing the windows logon to workstations/servers to…
Fionn
  • 475
  • 5
  • 14
5
votes
2 answers

2FA via freeRADIUS, ignoring password

I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password. I'm coming into this completely blind, with no prior RADIUS…
Jeedee
  • 121
  • 1
  • 5
4
votes
0 answers

Setup 2FA/MFA on Jenkins

I'm trying to find how to setup 2FA/MFA on users who login to Jenkins, with Google Authenticator. Everything I'm finding is about logins to servers/git/etc, but not for the actual USERS in Jenkins. Does anyone know how to do this?
Nuno
  • 461
  • 1
  • 5
  • 23
2
votes
1 answer

is sharing the same TOTP across multiple servers any less secure?

Are there ("not insignificant") security implications to using the same OTP secret across multiple servers? On my network, I'm running gitlab-ce, nextcloud, and LTB self-service password among a few other services. GL and NC both support 2FA via…
r2evans
  • 125
  • 8
2
votes
1 answer

How to Configure Roundcube/Dovecot for *Effective* 2-Factor Authentication

There are several Roundcube plugins that provide two-factor authentication. However, the issue I now see is that I can still simply log in via IMAP/SMTP, without 2-FA (obviously). 2-FA is (effectively) useless here. I thought I could solve this…
Jocbe
  • 31
  • 1
  • 5
1
vote
0 answers

Can I manage an Azure Active Directory (AD) guest user's multi-factor authentication (MFA)?

We have a guest user in our Azure Active Directory who has lost their mobile phone and is unable to sign-in using the multi-factored authentication. Is it possible for us, as admins of the Azure tenant, to manage their MFA settings? We tried…
DRVR
  • 136
  • 5
1
vote
1 answer

Enforce 2FA on user accounts used in Cloud IAM

I have a GCP project where I work with people external to my team. For the moment I assigned them Cloud IAM roles, in order to give them permissions to different parts of the project. But I was asking myself if is it possible to force those users to…
R.Sicart
  • 199
  • 1
  • 7
1
vote
1 answer

Using ADFS in Windows 2012 R2 with Azure Multi-factor Authentication

Thanks in advance for reading this. I want to require users to use the Azure mobile app for multifactor authentication when they log on to their Office 365 mailboxes. I do not need to use MFA to secure any other resources. I have ADFS on Windows…
John Allen
  • 11
  • 1
  • 2
1
vote
0 answers

Authenticate openvpn clients by certificate OR user/pass

I configured my openvpn server to authenticate clients with user/pass (ldap) and OTP/2FA (google authenticator). It works fine! I have osx clients that use Tunnelblick as openvpn client and it doesn't support OTP/2FA. So I would need to use TLS…
Francis
  • 381
  • 2
  • 6
  • 17
1
vote
1 answer

Can you use the same Gemalto MFA fob for multiple AWS accounts?

I control multiple AWS accounts. I'd like to use MFA for the root logins. I have a Gemalto hardware key fob from Amazon (docs) registered for MFA for the root account on one of them. I tried to add MFA to a second account using the same key fob, but…
Rich
  • 626
  • 11
  • 28
1
vote
0 answers

Setting up Apache 2.4 reverse proxy with SSL and authentication both on proxy AND backend

Goal: a client authenticates against apache 2.4 reverse proxy with OTP (AuthType basic), is then forwarded to the backend server (apache 2.2) where further individual authentication is required (Kerberos). Client gets access after both factors…
MarkHelms
  • 171
  • 5
  • 15
1
vote
2 answers

Two factor authentication for password login but not for login using keys files

I configured ssh to using keys files situated in ~/.ssh to login. Now I'd like to install a two factor authentication when using password, but not required when using key files. I've seen how to install two factor authentication here: DigitalOcean:…
Nicox11
  • 11
  • 3
1
vote
1 answer

linOTP to openVPN authentication ubuntu 12.04

I am working on a project in which I have to install a one-time password authentication. I have successfully installed openVPN to which I can connect without any authentication. I have installed the OTP software linOTP which I have connected to my…
Jakob Olsson
  • 11
  • 2
1
vote
2 answers

Two factor SSH authentication on multiple servers

I am a newbie when it comes to Two factor authentication. I have the general idea of implementing two factor authentication on a single server. But I was wondering if there is a standard solution for implementing it on multiple servers. SCENARIO:…
MaK
  • 111
  • 2
1
vote
1 answer

Enforcing 2FA configuration on next SSH login for every user

I have found numerous tutorials on how to enable 2FA (TOTP, RFC 6238) but is there also a way to force SSH users to configure it on the first login? (I am using OpenSSH server) I guess I could create a script that runs everytime and checks whether a…
phk
  • 65
  • 9
1
2 3