From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 24 08:06:28 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 88A2BC23
 for <freebsd-questions@freebsd.org>; Sun, 24 Mar 2013 08:06:28 +0000 (UTC)
 (envelope-from tomek.cedro@gmail.com)
Received: from mail-qc0-x231.google.com (mail-qc0-x231.google.com
 [IPv6:2607:f8b0:400d:c01::231])
 by mx1.freebsd.org (Postfix) with ESMTP id 50EDA1CE
 for <freebsd-questions@freebsd.org>; Sun, 24 Mar 2013 08:06:28 +0000 (UTC)
Received: by mail-qc0-f177.google.com with SMTP id u28so1831251qcs.8
 for <freebsd-questions@freebsd.org>; Sun, 24 Mar 2013 01:06:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:x-received:sender:in-reply-to:references:date
 :x-google-sender-auth:message-id:subject:from:to:cc:content-type;
 bh=f/CfFropba0tgqc1ASEfde/mhKHajbfc79s8Jfu3fvU=;
 b=J7n/JkIewCFW4K88r40xtvXMwe+C2e1ZW3hIMKBwcRPNt8o2y84P1kELaRrj0FzN0B
 vUnfoUhbL1ZnZwLUaeiTyADp67L37hyQ5KKNYHNpI/lN6OeQ4CdzkhzIVuBNwmCTT8pO
 t6OEngDe71uM7iRoilF39/Thak4SbtKrTzXFm5ek8ac1pFcdunZU8J70zMpfwcZ/StZT
 9+ufWqdWYk3ppLHUr5SmHwljQFNJMbtPk1JMW4+K3dXF+9gafmc5jHPeREeFqAQSmxCW
 VqJrGZy2RisFux1IkN4pszZvU9lBUSJpghM8v47J42dTrGMRTdQnKRa1DjymA26ay2Ey
 up0g==
MIME-Version: 1.0
X-Received: by 10.229.78.212 with SMTP id m20mr1103923qck.94.1364112387827;
 Sun, 24 Mar 2013 01:06:27 -0700 (PDT)
Sender: tomek.cedro@gmail.com
Received: by 10.49.132.98 with HTTP; Sun, 24 Mar 2013 01:06:27 -0700 (PDT)
In-Reply-To: <CAFYkXjmc47oaCkMMF40oNM3Zsk=L1x6HeyUhYY2pRMfgKf-UZg@mail.gmail.com>
References: <B2DC7342-9F1A-489A-94F0-49802B1E5DF6@lafn.org>
 <CAFYkXjmc47oaCkMMF40oNM3Zsk=L1x6HeyUhYY2pRMfgKf-UZg@mail.gmail.com>
Date: Sun, 24 Mar 2013 09:06:27 +0100
X-Google-Sender-Auth: 9nicWazZ_0tbDCFEiQ0W7MOpN9k
Message-ID: <CAFYkXjk4zFcY0TW63_PyCeCnVcpypKO8mNiL6eGKa=qViDzLkw@mail.gmail.com>
Subject: Re: Client Authentication
From: CeDeROM <cederom@tlen.pl>
To: Doug Hardie <bc979@lafn.org>
Content-Type: text/plain; charset=UTF-8
Cc: "freebsd-questions@freebsd.org List" <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2013 08:06:28 -0000

On Sun, Mar 24, 2013 at 9:03 AM, CeDeROM <cederom@tlen.pl> wrote:
> Why don't you just use PKI for authentication (you can generate your
> own certificates)? You can easily upload keys/certificated to client
> machines (PC, Android, Apple, ...). That should work :-)

You can additionally encrypt keys/vertificates with a easy to remember
short PIN or password for increased security. I have seen this working
with Aladdin eToken maybe there is a pure software solution :-)

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info