Authentication Types in AuthNull: A Comprehensive Guide

Introduction

Authentication is the cornerstone of any secure system. AuthNull offers a variety of authentication types to suit different security needs and use-cases. This guide will walk you through the different types of authentication supported by AuthNull.

There are four authentication types available for authenticating into an endpoint:

  • Password as a Verifiable Credential with DID
  • SSH Keys as a Verifiable Credential with DID
  • DID as 1FA
  • AD Credentials with DID


MFA with Password as a VC

What is it?

This method uses a password as the first factor and a Decentralized Identifier (DID) as the second factor for authentication. Both the Password and DID are sent to the wallet and can be used to authenticate.

How to Configure

  • Download the PAM .so file from AuthNull’s download section.
  • Add the required lines to /etc/pam.d/common-auth.

Benefits

  • Enhanced security with Multi-Factor Authentication (MFA).
  • DID provides an extra layer of verification.

MFA with SSH Keys as VC

What is it?

In this method, SSH Keys serve as the first factor, and DID serves as the second factor for authentication.

How to Configure

  • Use the command ssh-keygen to generate SSH keys.
  • Transfer keys using the ssh-copy-id command.
  • Configure the PAM authenticator for SSH login.
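
An added check for the last step, not AuthNull's own code: assuming the DID factor is delivered by a PAM module over keyboard-interactive, sshd consults that module after a successful key login only when AuthenticationMethods demands both methods. The module name pam_example_mfa.so and the sample files are placeholders constructed for the example.

```shell
#!/bin/sh
# Added example. Assumption: the second factor is a PAM module reached through
# keyboard-interactive; pam_example_mfa.so is a placeholder module name.

# Effective global value of an sshd_config keyword: sshd keeps the FIRST
# occurrence, keywords are case-insensitive, Match blocks are not evaluated.
sshd_value() {  # usage: sshd_value FILE KEYWORD_REGEX DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") {
            $1 = ""; sub(/^ +/, ""); print tolower($0); found = 1; exit
        }
        END { if (!found) print def }' "$1"
}

check_ssh_mfa() {  # usage: check_ssh_mfa SSHD_CONFIG PAM_AUTH_FILE PAM_MODULE
    rc=0
    [ "$(sshd_value "$1" usepam no)" = yes ] ||
        { echo "FAIL: UsePAM is not yes"; rc=1; }
    [ "$(sshd_value "$1" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)" = yes ] ||
        { echo "FAIL: keyboard-interactive authentication is disabled"; rc=1; }
    # Every alternative list in AuthenticationMethods must demand both factors;
    # the default "any" lets a key alone complete the login.
    for list in $(sshd_value "$1" authenticationmethods any); do
        case ",$list," in *,publickey,*) k=1 ;; *) k=0 ;; esac
        case ",$list," in
            *,keyboard-interactive,*|*,keyboard-interactive:pam,*) p=1 ;;
            *) p=0 ;;
        esac
        [ "$k$p" = 11 ] || { echo "FAIL: '$list' does not require key and PAM"; rc=1; }
    done
    # The module must appear on an uncommented auth line of the PAM file.
    awk -v m="$3" '$1 ~ /^-?auth$/ && index($0, m) { ok = 1 } END { exit !ok }' "$2" ||
        { echo "FAIL: $3 is not in the auth stack of $2"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from the page or from AuthNull).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'PubkeyAuthentication yes' 'UsePAM yes' > "$demo/weak"
printf '%s\n' 'UsePAM yes' 'KbdInteractiveAuthentication yes' \
    'AuthenticationMethods publickey,keyboard-interactive' > "$demo/strong"
printf '%s\n' 'auth required pam_example_mfa.so' > "$demo/common-auth"

for cfg in weak strong; do
    if check_ssh_mfa "$demo/$cfg" "$demo/common-auth" pam_example_mfa.so
    then echo "$cfg: both factors enforced"
    else echo "$cfg: second factor not enforced"; fi
done
```

On a live host, feed the function the output of `sshd -T` instead of the raw file so that included files and compiled-in defaults are resolved by sshd itself.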

Benefits

  • Secure and convenient for users familiar with SSH.
  • DID adds an extra layer of security.

DID 1FA (Single Factor Authentication)

What is it?

This method uses only a Decentralized Identifier (DID) for authentication, making it a single-factor authentication method.

How to Configure

  • Navigate to the list of endpoints from the ‘Privileged Access Management’ section.
  • Access Authentication Flow Settings and choose DID as the only factor.

Benefits

  • Simplified authentication process.
  • DID ensures secure and verifiable identity.

LDAP (DID with AD credentials as VC) (MFA with LDAP)

What is it?

This method uses LDAP for the first factor and DID for the second factor. Active Directory (AD) credentials are used as Verifiable Credentials (VC).

Benefits

  • Ideal for enterprises using LDAP/AD.
  • DID adds an extra layer of security.

Conclusion

AuthNull provides a robust and flexible authentication system that can be tailored to meet various security requirements. Whether you need single-factor or multi-factor authentication, AuthNull has got you covered.

For more detailed guides, you can refer to the AuthNull help sections on configuring SSH 2FA, configuring passwordless authentication, configuring authentication flow, and configuring an endpoint for LDAP authentication.