FreedomTunnel is a FLOSS ("free/libre open source software") Single Sign On ("SSO") One-Time-Password System.
See also DeploymentNotes.
The idea is that one can login to a Windows/Mac/Linux system, enter a one time password (PIN number + 6 digit code), and be authenticated to everything one can use that requires a password without further authentication prompts.
The core will probably be FreeIPA, which looks pretty compelling and will take care of a lot of the involved pieces (NTP/Ldap/Kerberos) in one shot. See this guide.
Add in RADIUS (via) and CoSign for web SSO (found at http://forums.somethingawful.com/showthread.php?threadid=3459961) and you've got everything for single sign on / single password. Now we just need to add OTP.
- Fully open source (all client and server pieces)
- Runs in a highly available master/(multi)slave fashion in multiple data centers.
- Must be seamless (login process is just username + password. Everything else is handled behind the scenes)
- OTP generation client must support Android/Blackberry/Apple devices
User experience in different contexts:
- Login to local workstation: this is a standard username/password combination. No network connectivity is required for this to function. However, if the device is connected to network already, then login system will indicate this and accept username/enhanced password (PIN+random digits). So a maximum of two logins is all that is ever required for access to any resource one controls.
- SSH to a server/network device or browse to a webapp I control and not have any login prompts.
Supported Authentication Clients:
- WPA-Enterprise 802.11 users on Windows, Mac, Linux
- Workstation OS logins on Windows, Mac, Linux
- VPN users (IPSEC/OpenVPN)
- Web applications (Wordpress/MediaWiki/Status.net/Tattler/Drupal/Redmine and any other apps)
|Free Network Infrastructure Projects (edit)|
| Box - Node - Tower - Tunnel - Link
Network Operations Center - Lab - VoIP - Stack - Overview