Posted by:
admin
13 years, 3 months ago
First, I want to say that I really, really support any application that adds support for two-factor authentication, especially if they do it right by using an open standard such as RADIUS. That's why I was excited to see RADIUS support in VMWare View 5.1. I decided to test it and add a tutorial to our growing collection.
Sadly, what I found is that VMWare View first requires you to login using your two-factor authentication credential:
and then again using your AD credentials:
Why is this an issue?
- The extra step is a hassle for users
- It is unnecessary. The Microsoft Radius plugin, NPS can preform AD authorization without the AD password and will then proxy the credentials to any two-factor server for authorization.
- It reduces security. Anyone remember the idea of "LAN passwords"? It would be better to NOT use the static password outside of the firewall.
Security is a big enough impediment to usability without any additional help. Especially if users might be logging in from a mobile device.
Share on Twitter Share on Facebook