Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning
titleIf you don't read anything else, read this...

Policy mandates that 2FA is required whenever any person working from a remote location utilizes administrative credentials to access a server that is used to store or process confidential or Category I university data. This includes cases where an initial login is performed with non-administrative credentials and privileges are escalated after a session is established (e.g., via sudo or su).

 

This page lists the acceptable options for remote administrative access to university servers which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.

Remote access to workstations and non-server devices should be handled through the UT VPN service.

 

...

Password protected public key, or

Toopher (via PAM), or

PAM OATH, or

VPN group with IPTables rules

...

 

 

OATH Toolkit: http://www.nongnu.org/oath-toolkit/

...

Certificate-based auth, or

Toopher, or

VPN group with firewall rules

...

SSH tunnel with password-protected public key, or

VPN group with firewall rules

...

SSH tunnel with password-protected public key, or

VPN group with firewall rules

...

VPN group with firewall rules, or

...