> How can i get both user/password and certificate in the authentication
> process for vpn pptp with microsoft rras?
> Is there any other opensource vpn solution based on two-factor authentication?
I believe you can only choose one method. Microsoft recommends
MS-CHAPv2 or EAP [1,2]. If the remote setup conforms to best practice,
the certificate only becomes available (ie, decrypted from EFS) once
the user logs on. Setups such as 'home user works from personal PC' is
probably not a good idea.
Jeff
[1] Windows Security Resource Kit, ISBN 0-7356-1868-2, p. 436.
[1] PKI and Certificate Security, ISBN 0-7356-2516-6, p. 596.
On Wed, Nov 11, 2009 at 8:13 AM, self.away <self.away (at) gmail (dot) com [email concealed]> wrote:
> Hi.
> I'm trying to setup a remote access vpn (user dials up from home to
> our vpn server).The first goal was to set up a pptp vpn based on
> microsoft rras which turned out pretty easy.
> Now it has been required to add an extra layer of security to vpn
> authentication by adding a certificate which as far as i read it
> should be accomplished adding EAP authentication to our vpn pptp
> configuration.
> However it seems when adding EAP to vpn pptp ,authentication login to
> our VPN will only require certificate installed on remote vpn user
> workstation and not user/password.
> How can i get both user/password and certificate in the authentication
> process for vpn pptp with microsoft rras?
> Is there any other opensource vpn solution based on two-factor authentication?
>
> Thank you
>
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
> How can i get both user/password and certificate in the authentication
> process for vpn pptp with microsoft rras?
> Is there any other opensource vpn solution based on two-factor authentication?
I believe you can only choose one method. Microsoft recommends
MS-CHAPv2 or EAP [1,2]. If the remote setup conforms to best practice,
the certificate only becomes available (ie, decrypted from EFS) once
the user logs on. Setups such as 'home user works from personal PC' is
probably not a good idea.
Jeff
[1] Windows Security Resource Kit, ISBN 0-7356-1868-2, p. 436.
[1] PKI and Certificate Security, ISBN 0-7356-2516-6, p. 596.
On Wed, Nov 11, 2009 at 8:13 AM, self.away <self.away (at) gmail (dot) com [email concealed]> wrote:
> Hi.
> I'm trying to setup a remote access vpn (user dials up from home to
> our vpn server).The first goal was to set up a pptp vpn based on
> microsoft rras which turned out pretty easy.
> Now it has been required to add an extra layer of security to vpn
> authentication by adding a certificate which as far as i read it
> should be accomplished adding EAP authentication to our vpn pptp
> configuration.
> However it seems when adding EAP to vpn pptp ,authentication login to
> our VPN will only require certificate installed on remote vpn user
> workstation and not user/password.
> How can i get both user/password and certificate in the authentication
> process for vpn pptp with microsoft rras?
> Is there any other opensource vpn solution based on two-factor authentication?
>
> Thank you
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]