Friedrichs, Paul D CTR DISA PEO-IAN <Paul.Friedrichs.ctr@disa.mil> wrote: > I am *very* interested in deploying MyProxy on a large scale,
Great!
> but I am > concerned about the possibility of a phishing/pharming-like attack to > capture the passphrase passed from the prospective proxy to what it > thinks is the MyProxy server during the get process.
If you haven't run across it yet, this paper is a good read that covers some of these issues, specifically the use of One-Time Passwords (OTP) with MyProxy:
Simplifying Public Key Credential Management Through Online Certificate Authorities and PAM http://middleware.internet2.edu/pki06/proceedings/chan-pam.pdf
-- Daniel Clark # http://dclark.us # http://opensysadmin.com