|
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf
Of Tim Bronski
Sent: Tuesday, July 21, 2020 6:21 AM
To: Midrange Systems Technical Discussion <midrange-
l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Navigator for i
Well, TFA for initial network access is a common requirement but not all
access to applications and data across the network is of the same sensitivity
and not all access is made with the same credentials.
Re-verifying identity for access to more sensitive functions and with tighter
timeouts helps overcome some of the disadvantages of SSO and cached
credentials (pc on but no one at the desk for one). Another case is the use of
shared profiles where, for example, 2 people have the password for
QSECOFR (I'm not advocating for this but it's not uncommon) but you want
to audit who actually was using this profile, TFA can identify and log the
user behind the approving device.
On 7/20/2020 5:55 PM, Michael Quigley - Sec wrote:
This brings up an interesting point. Console access for PCI (and other)compliance reasons generally dictate two-factor authentication. But I've
always viewed that as required to get onto the network from where the
access is made. If someone is local to the system, I figure they have their
password and then they have themselves (being physically present. Am I
taking too simplistic of a take on TFA for Navigator?
Behalf Of
Michael Quigley
Computer Services
The Way international
www.TheWay.org
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On
--Tim Bronski
Sent: Monday, July 20, 2020 8:37 AM
To: Midrange Systems Technical Discussion <midrange-
l@xxxxxxxxxxxxxxxxxx>
Subject: Navigator for i
I'm trying to figure out if it's possible to extend/customize the
"Navigator for i" logon dialog. I'm trying to add a TFA component.
Maybe this is a question for someone like Tim Rowe? Any suggested
starting points? I've been all over google.
Tim
Need sFTP or PGP? Download your native sFTP or OpenPGP solutions here:
www.arpeggiosoftware.com
--
This email has been checked for viruses by AVG.
https://www.avg.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.