On February 2, 2007 5:46:55 PM -0500 Peter Iannarelli <[EMAIL PROTECTED]> wrote: > I don't believe I've seen anyone with a token strapped to their > notebook and their PIN etched on the case.
I know a few thousand such users. Not with the PIN etched :-) but with a credit card form factor token strapped to the laptop lid in a clear plastic envelope. Pretty convenient. > The reality is different. Software tokena require a M2M or > machine to machine interface (software). Deploying this software > on 100 workstations is problematic. Multiply that by 1000, within > a heterogeneous environment, and its an administrative nightmare. I tend to disagree. Yes at the few dozen or maybe even 100 machine level it can be a chore to maintain (but installation itself should be trivial), but once you hit multi-hundreds if you can't maintain the software you really should worry about that first before worrying about tokens of any sort. Keeping user's workstation software up to date automatically is an absolute must in any large environment, and a sunk cost as far as administrative overhead goes. > Hardware tokens are the most portable and most secure. I agree with that, except for the case of smartcards and portability. These days, I'm surprised java tokens for phones and blackberrys aren't more popular. The phone has the advantage that the user is very unlikely to forget it somewhere. -frank ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
