On Mon, Oct 14, 2013 at 10:45:10PM +0200, Alan McKinnon wrote > Access to my backend network is two-factor - ssh keys and decent > passwords.
That is *NOT* Two-factor authentication. See http://en.wikipedia.org/wiki/Multi-factor_authentication for the details. Executive summary... Two-factor authentication requires you to present two authentication factors each time. I.e. it's A *AND* B. Your setup is A *OR* B. The usual implimentations include 2 factors... 1) userID+password 2) a small credit-card-sized unit that generates random-looking multi-digit numbers that change every minute. In order to logon the user must enter both the userID+password combo *AND* the current number on the token card. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications
