From: "Walter Dnes"
Date: Wed, 16 Oct 2013 19:21:51 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: scripted iptables-restore
Message-ID: <20131016232151.GA25241@waltdnes.org>

On Mon, Oct 14, 2013 at 10:45:10PM +0200, Alan McKinnon wrote

> Access to my backend network is two-factor - ssh keys and decent
> passwords.

That is *NOT* Two-factor authentication. See
http://en.wikipedia.org/wiki/Multi-factor_authentication for the details.
Executive summary... Two-factor authentication requires you to present
two authentication factors each time. I.e. it's A *AND* B. Your setup
is A *OR* B. The usual implementations include 2 factors...

1) userID+password
2) a small credit-card-sized unit that generates random-looking
   multi-digit numbers that change every minute.

In order to log on the user must enter both the userID+password combo
*AND* the current number on the token card.

-- 
Walter Dnes
I don't run "desktop environments"; I run useful applications
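
The A *AND* B versus A *OR* B distinction from the message above, as an added example that is not part of the original post: a token code (RFC 4226 truncation over a time counter) checked together with a password. The 60-second step is an assumption matching "change every minute"; the account data, function names and secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: the token card changes its number once a minute
DIGITS = 6

def token_code(secret: bytes, unix_time: int) -> str:
    """One-time code: HMAC-SHA1 over the time-step counter, RFC 4226 truncation."""
    counter = max(unix_time, 0) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def password_ok(user: dict, password: str) -> bool:
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])

def token_ok(user: dict, code: str, now: int) -> bool:
    # Accept the current and the previous step to tolerate small clock drift.
    return any(
        hmac.compare_digest(token_code(user["token_secret"], now - d).encode(), code.encode())
        for d in (0, STEP_SECONDS)
    )

def login_two_factor(user: dict, password: str, code: str, now: int) -> bool:
    # A AND B: evaluate both so a failure does not reveal which factor was wrong.
    pw = password_ok(user, password)
    tok = token_ok(user, code, now)
    return pw and tok

def login_either(user: dict, password: str, code: str, now: int) -> bool:
    # A OR B: either credential alone is enough, so this is still single-factor.
    return password_ok(user, password) or token_ok(user, code, now)

# Constructed sample account (the secret is the RFC 4226 test key).
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse", SALT),
    "token_secret": b"12345678901234567890",
}
```

With a stolen password and no token, `login_either` still succeeds while `login_two_factor` refuses.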