Max Clark wrote:
> Hi all,
>
> I need to develop a secure way for our staff/outside contractors to be able
> to securely connect (via SSH - rdesktop/vnc in the future) to our internal
> and customer systems. We do need heterogeneous client system support (BSD,
> Linux, Solaris, Windows, etc..?) with whatever solution is deployed.
>
> The more time I have spent with this the more I believe that we need some
> sort of SSO (Single Sign On) solution (something that supports a hardware
> key token like RSA would be great). This is complicated by the perceived
> requirement to install software on our customer's systems to support this
> kind of integration.

Google for, amongst others: Radius, Diameter, TACACS+ etc etc...

A single portal indeed might be a useful method. Do not forget to create a failover system though, as when your main box dies you can't access anything else anymore.

> The goal behind all of this of course is to provide secure connectivity to
> remote systems in such a way that passwords to the remote systems are not
> being disseminated to our internal users - so if a user's employment status
> changes we don't have to run through the crazy password change scramble.

And then the evil user simply drops a backdoor binary on one of the machines.

Greets,
Jeroen