Identity Management and Two-Factor Authentication Using One-Time Passwords

Identity management in Red Hat Enterprise Linux is a systematic way to provide centralized authentication, domain control, identity stores and authorization policies across all Linux systems. Identity management is one of the only options for Linux/Unix domains because the centralized authorization software is relatively new.

Identity management in RHEL is designed and integrated to simplify identity management processes. It provides a set of standard network services, including PAM, LDAP, Kerberos, DNS, NTP and certificate services.

Authentication using static passwords remains as vulnerable as ever. It is prone to dictionary attacks, brute-force attacks, keyloggers, phishing attacks, and much more. In addition, end users tend to choose weak passwords for easy recall, even when the stakes are high and the account is an attractive target for attackers.

The Red Hat identity feature set is available free with the RHEL subscription. Some of the identity management features include:

One-Time Password:

OTP provides a popular method for two-factor authorization and authentication. OTP-based authentication can use either third-party two-factor authentication solutions or natively managed tokens.

Two Factor Authentication:

Two-factor authentication (2FA) is a solid defensive strategy that addresses problems like identity theft associated with traditional password-based systems. Generally, it is understood to be an authentication mechanism where "something you have" and "something you know" are both provided as evidence of identity to enter a system.

Active Directory Cross-Realm Trust:

The cross-realm trust allows external Active Directory (AD) users to easily access the resources in the identity management domain. It also allows administrators to establish cross-forest Kerberos trusts with Microsoft Active Directory.

Central Authentication Management:

Central Authentication Management is used to provide a centralized mechanism for managing user identities, security mechanisms, machines and services within Linux/Unix enterprise environments.

Integrated Public Key Infrastructure (PKI) Service:

PKI provides signing and publishing of certificates for hosts and services. It also lets software validate published certificates through a Certificate Revocation List (CRL).

In order to use Red Hat Linux efficiently while reducing costs and administrative load, don’t forget to implement RH Identity Management.