Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [two-factor-authentication]

36 questions
11
votes
1 answer

U2F (YubiKey, etc) and Active Directory

I'm searching for information about how to integrate U2F (using YubiKey or similar devices) into an Active Directory Windows Domain (Will be a Windows 2016 Server). Especially I'm interested in securing the windows logon to workstations/servers to…
Fionn
  • 475
  • 5
  • 15
5
votes
2 answers

2FA via freeRADIUS, ignoring password

I've been tasked with setting up freeRADIUS to prompt a user for their second authentication factor (eg. Google Authenticator OTP) BUT without first checking the user's password. I'm coming into this completely blind, with no prior RADIUS…
Jeedee
  • 121
  • 1
  • 5
4
votes
0 answers

Setup 2FA/MFA on Jenkins

I'm trying to find how to setup 2FA/MFA on users who login to Jenkins, with Google Authenticator. Everything I'm finding is about logins to servers/git/etc, but not for the actual USERS in Jenkins. Does anyone know how to do this?
Nuno
  • 553
  • 2
  • 8
  • 26
2
votes
1 answer

Enforce 2FA on user accounts used in Cloud IAM

I have a GCP project where I work with people external to my team. For the moment I assigned them Cloud IAM roles, in order to give them permissions to different parts of the project. But I was asking myself if is it possible to force those users to…
R.Sicart
  • 209
  • 1
  • 7
2
votes
1 answer

is sharing the same TOTP across multiple servers any less secure?

Are there ("not insignificant") security implications to using the same OTP secret across multiple servers? On my network, I'm running gitlab-ce, nextcloud, and LTB self-service password among a few other services. GL and NC both support 2FA via…
r2evans
  • 125
  • 8
2
votes
1 answer

How to Configure Roundcube/Dovecot for *Effective* 2-Factor Authentication

There are several Roundcube plugins that provide two-factor authentication. However, the issue I now see is that I can still simply log in via IMAP/SMTP, without 2-FA (obviously). 2-FA is (effectively) useless here. I thought I could solve this…
Jocbe
  • 31
  • 1
  • 6
2
votes
2 answers

Cannot use 2FA due to even when it is enabled

I'm trying to enable google 2FA using package fedora google-authenticator (https://github.com/google/google-authenticator-libpam). This is my /etc/ssh/sshd_config: # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ # To modify…
Siddharth
  • 123
  • 5
2
votes
1 answer

SSH authentication: (public key xor password) + google authenticator code

I'm using Debian bullseye. I'm trying to set up SSH two types logins: password + code from Google's Authenticator (if user set it, "nullok" option), public key + code from Google's Authenticator (if user set it, "nullok" option). Type #1 works for…
Karol
  • 21
  • 3
1
vote
0 answers

Can I manage an Azure Active Directory (AD) guest user's multi-factor authentication (MFA)?

We have a guest user in our Azure Active Directory who has lost their mobile phone and is unable to sign-in using the multi-factored authentication. Is it possible for us, as admins of the Azure tenant, to manage their MFA settings? We tried…
DRVR
  • 136
  • 5
1
vote
1 answer

Using ADFS in Windows 2012 R2 with Azure Multi-factor Authentication

Thanks in advance for reading this. I want to require users to use the Azure mobile app for multifactor authentication when they log on to their Office 365 mailboxes. I do not need to use MFA to secure any other resources. I have ADFS on Windows…
John Allen
  • 11
  • 1
  • 2
1
vote
0 answers

Authenticate openvpn clients by certificate OR user/pass

I configured my openvpn server to authenticate clients with user/pass (ldap) and OTP/2FA (google authenticator). It works fine! I have osx clients that use Tunnelblick as openvpn client and it doesn't support OTP/2FA. So I would need to use TLS…
Francis
  • 481
  • 2
  • 7
  • 19
1
vote
1 answer

Can you use the same Gemalto MFA fob for multiple AWS accounts?

I control multiple AWS accounts. I'd like to use MFA for the root logins. I have a Gemalto hardware key fob from Amazon (docs) registered for MFA for the root account on one of them. I tried to add MFA to a second account using the same key fob, but…
Rich
  • 704
  • 14
  • 30
1
vote
0 answers

Setting up Apache 2.4 reverse proxy with SSL and authentication both on proxy AND backend

Goal: a client authenticates against apache 2.4 reverse proxy with OTP (AuthType basic), is then forwarded to the backend server (apache 2.2) where further individual authentication is required (Kerberos). Client gets access after both factors…
MarkHelms
  • 181
  • 5
  • 16
1
vote
2 answers

Two factor authentication for password login but not for login using keys files

I configured ssh to using keys files situated in ~/.ssh to login. Now I'd like to install a two factor authentication when using password, but not required when using key files. I've seen how to install two factor authentication here: DigitalOcean:…
Nicox11
  • 11
  • 4
1
vote
1 answer

How to secure AD administration with MFA

I'm evaluating an MFA solution such as Duo or Okta (any one have an opinion on that?). Adding MFA to web logins is straight forward but I want to add another layer of security to our Active Directory administration. Do any solutions work with…
FredS
  • 63
  • 1
  • 1
  • 11
1
2 3