Well, this certainly surprises me. I know last I looked, there was some discussion about MFA and requiring Azure.
In the environment I work in, I'm not able to use services outside a very limited list, or I have to roll my own using established technologies (FedRAMP). So Azure is right out. So was using Amazon Directory Services.
I know my colleagues are much more familiar with Windows, whereas I... (look at username, relevant!). My solution, after assessing that Windows couldn't do 2 (or 3) factor, and it was stuck at login/password and some firewall blocking IPs, I knew what I had to do. And that meant Linux for the bastions, and LinOTP and appropriate config options to make it work.
I was kind, and didn't inflict a AAA stack of "kerb, ldap, radius, and shib" on the Windows admins :) Well, that and I didn't want to be the sole maintainer of that system.
To be fair, the only reason I knew of this at all is because of a brief patronage of a library in Belgium during a trip I took in the summer of '99. The computer systems of said library used a bizarre system of time-limited authentication tokens stored on floppy disks that were used during the Windows log-on process. I was curious how it might have worked.