Windows credential providers

77istrid

Jun 9, 2015, 7:37:45 AM
to priva...@googlegroups.com
Hi,
I've configured privacyIDEA on a CentOS machine.

All works fine!

VPN access, local Unix account...

But an important question.

I have a 2008 Active Directory domain.

I also want all Windows client PCs (Win7 and Win 8 64-bit) to log in against privacyIDEA with the same system (PIN+OTP).

Is it possible?

How do I configure my Windows client machine?


Thanks for your support!

Cornelius Kölbel

Jun 9, 2015, 7:58:21 AM
to 77istrid, priva...@googlegroups.com
Hi,
there is a privacyIDEA credential provider, which expects:

1. Windows Domain and Username
2. Windows Domain Password
3. OTP PIN (optional) and OTP

A colleague of mine developed it, but at the moment it is only
available in a controlled manner (not publicly).

I will forward the request accordingly.

Kind regards
Cornelius

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel



77istrid

Jun 9, 2015, 8:44:47 AM
to priva...@googlegroups.com, alessan...@gmail.com
Hi Cornelius!

I'm looking forward to your privacyIDEA credential provider!

Thanks a lot,

Have a good day.

IT System admin
Alessandro

Roman Canto

Sep 2, 2015, 8:14:16 PM
to privacyidea, alessan...@gmail.com
Hi Cornelinux, any chance you can get a hand to this credential provider module for privacyidea?

Cornelius Kölbel

Sep 3, 2015, 4:42:26 AM
to priva...@googlegroups.com
Hello Roman,

I will create the contact.
The Credential Provider at the moment does only work online, i.e. the
privacyIDEA server needs to be available.

Nevertheless, privacyIDEA comes with the possibility to do offline OTP,
which was already implemented in the Linux PAM module.
https://www.privacyidea.org/privacyidea-2-2-released-otp-offline-authentication/

It could™ also be implemented into the Credential Provider.

Kind regards
Cornelius

Ivaylo Bratoev

Sep 22, 2015, 2:55:03 AM
to privacyidea
Hi guys,

I am interested in the Windows Credential Provider as well. Is it available somewhere or how do you get access to it?

Following the documentation I reached this empty repo: https://github.com/LastSquirrelIT/PrivacyIDEA-CredentialProvider . Is it in development or is it private?

Regards,
Ivaylo Bratoev

Cornelius Kölbel

Sep 22, 2015, 4:18:47 AM
to priva...@googlegroups.com
Hi Ivaylo,

this is developed by a colleague of mine.
At the moment this is under a code rewrite.
I forward your request to him, so that you may get into contact.

Kind regards
Cornelius

Yoann JOUVENT

Nov 4, 2015, 7:15:35 AM
to privacyidea
Hi Cornelius,

We are also interested in the Windows Credential Provider. We use privacyIDEA with Univention Corporate Server and we wish to use privacyIDEA on our Windows clients!!
Is it possible to have a contact?

Thanks.

JOUVENT Yoann

Cornelius Kölbel

Nov 4, 2015, 9:09:44 AM
to priva...@googlegroups.com, Dominik Pretzsch
Hello,

please contact dominik....@lastsquirrel.com for the privacyIDEA
Credential Provider.

May I also ask for feedback and experience with the privacyIDEA
Integration on UCS?

Thanks a lot
Cornelius

Yoann JOUVENT

Nov 4, 2015, 10:47:19 AM
to privacyidea
Hello Cornelius,

Thanks for your fast answer!!!

We use UCS for LDAP authentication and we also use 802.1X authentication with the RADIUS server integrated in UCS.
We use privacyIDEA integrated on UCS to add LDAP authentication with OTP in addition to 802.1X authentication.
We are at the beginning of our integration of privacyIDEA, but the first tests are conclusive and integration on UCS is very easy.
We also use privacyIDEA for SSH connections and connections to our applications.

Thanks.

JOUVENT Yoann

Cornelius Kölbel

Nov 4, 2015, 10:52:38 AM
to priva...@googlegroups.com
Hi Yoann,

thanks a lot for the feedback. Sounds great.

The SSH servers - are these machines also UCS or other Linux machines?
On UCS you might want to use the App "privacyIDEA PAM".

You might also think of using OTP as second factor for SSH but also
manage your SSH keys with privacyIDEA.

You can upload the public SSH keys and assign those keys to machines.
This way you can manage the keys centrally for all machines.

I have a new blog article here about combining all three:

* password
* OTP token
* SSH key

https://www.privacyidea.org/ssh-keys-and-otp-really-strong-two-factor-authentication/

Kind regards
Cornelius

Yoann JOUVENT

Nov 5, 2015, 3:13:54 AM
to privacyidea
Hi Cornelius,

Our servers are other Linux machines.
Thanks for all this information!!! We will see what we can put in place!!

Thanks.

Best regards

JOUVENT Yoann

Cornelius Kölbel

Nov 5, 2015, 3:31:11 AM
to priva...@googlegroups.com
Hi Yoann,

If your other servers are Linux machines, you can go with the normal
privacyIDEA PAM.

I think using UCS as your directory is a really nice idea.

You might have heard that in version 4.1 of UCS they will add SSO via
simpleSAMLphp.

This is designed to be combined with privacyIDEA.
https://www.univention.com/2015/10/data-security-thanks-to-multiple-factor-authentication-in-ucs-with-privacyidea-saml/

With the privacyIDEA PAM App you will be able to add two factor
authentication to the normal UMC login.
(A blog article on this will follow)

With the privacyIDEA SAML App you can authenticate every SAML Service
Provider against UCS and thus add two factors to those services.

Kind regards
Cornelius

Michael Broeknellis

Feb 4, 2016, 3:44:47 AM
to privacyidea
Hello Cornelius,

Is it possible that I can receive the privacyIDEA Windows Credential Provider?

We want to use it for our Windows servers. We already have privacyIDEA up and running.

Thanks,

Best regards,

Michael

Cornelius Kölbel

Feb 4, 2016, 3:54:45 AM
to priva...@googlegroups.com
Hello Michael,

the privacyIDEA Credential Provider at the moment is not free of charge.
However, I can provide you with an evaluation copy.

I will drop you a note off-list.

Kind regards
Cornelius

Le Hoang Nam

Aug 22, 2016, 5:13:44 AM
to privacyidea
I already have a privacyIDEA server up and running and use it for VPN access. I want to use 2FA to secure my Windows server, but I don't have the privacyIDEA Windows Credential Provider. Is it possible that I can receive it?

Thanks,

Best regards,
Nam