5 Dec
2013
5 Dec
'13
10:42 a.m.
* Alex Band wrote:
The way this system is implemented, an LIR Portal user with admin rights can issue X.509 certificates to users. However, they cannot be forced to use it. Also, a passphrase is optional, meaning that it’s not really two-factor.
Whatever you smoke, stop it! Using certificates to authenticate is not and never was a two-factor method. The authentication scheme only proofs the possing of a private key. In which form the key is stored locally is outside of the scheme. You simply can't check this property.