|
    |
The following user authentication methods are supported in the Tectia client/server solution.
Table 6.4. User authentication methods supported by the Tectia client/server solution
| Authentication method | Tectia Server | Tectia Client | ||
|---|---|---|---|---|
| Unix | Windows | Unix | Windows | |
| Password[a] | x | x | x | x |
| Public-key | x | x | x | x |
| Certificate | x | x | x | x |
| Host-based | x | x | x | |
| Keyboard-interactive | x | x | x | x |
| PAM[b] | x | x | x | |
| RSA SecurID[b] | x | x | x | x |
| RADIUS[b] | x | x | x | x |
| GSSAPI/Kerberos | x | x | x | x |
[a] On SELinux enabled systems, password method uses PAM internally on the server side. [b] Through keyboard-interactive. | ||||
By default, the Tectia client/server solution uses private and public keys stored in the IETF standard Secure Shell v2 format. However, Tectia Client and Server can also use keys and related files in the legacy OpenSSH format or OpenSSH certificates.
The following OpenSSH-format keys are supported:
server host key pair and host certificate pair
trusted server host public keys, which clients use to authenticate servers
user private keys (used by clients to authenticate to a server)
authorized user public keys (used by a server to authenticate users), including public-key options
OpenSSH user and host certificates
OpenSSH CA-keys (used by a server to authenticate certificate users, or client to authenticate servers with host certificates)
| |