| Warning | ||
|---|---|---|
| ||
Policy mandates that 2FA is required whenever any person working from a remote location utilizes administrative credentials to access a server that is used to store or process confidential or Category I university data. This includes cases where an initial login is performed with non-administrative credentials and privileges are escalated after a session is established (e.g. via sudo or su). |
This page lists the acceptable 2FA options for remote access to university servers which store or process Category I data. Certain options may work better in specific environments than others - consult your local IT support staff for any implementation questions or issues. If you need to use a 2FA option not on this list, please contact us at security@utexas.edu.
Remote access to workstations and non-server devices should be handled through the UT VPN service.
Note: Users MUST utilize 2FA for servers they have administrative access to, even when authenticating to the server using non-administrative credentials, if the ability exists for users to elevate permissions to an administrative level after authenticating as a lower-privileged user. If no ability to escalate permissions exists, then only logins using administrative credentials need be secured with 2FA, unless such differentiation is not possible.
...
Password protected public key, or
Toopher (via PAM), or
PAM OATH, or
VPN group with IPTables rules
...
OATH Toolkit: http://www.nongnu.org/oath-toolkit/
...
Certificate-based auth, or
Toopher, or
VPN group with firewall rules
...
SSH tunnel with password-protected public key, or
VPN group with firewall rules
...
SSH tunnel with password-protected public key, or
VPN group with firewall rules
...
VPN group with firewall rules, or
...
This content has moved.
Please see: https://security.utexas.edu/iso-policies/approved-2fa-authentication-methods