> >
> >Anybody have a terminal server authenticating with SecurID?
>
>
> >What we'd like is a box that folks could connect with PPP, but would require
> >they input their SecurID number (probably in a terminal window after the
> >modems connect).
> >
> >If you have this working, I'd like to talk.
> >
> >- --Mike
>
> The ACE/Server includes a RADIUS implementation on NT and Unix platforms and the
>Cisco reference implementation of tacacs+ on Unix platforms (I believe that the tac+
>is older code). Setup on the
The version of Tacacs+ shipping with ACE 3.3.1 is version 2.2 - pretty dated. They've
released ACE version 4 - I've asked them if they have updated this, but no response.
I believe that Cisco Secure supports SecurID cards.
> ACE/Server side is pretty well covered in the SDI (RSA?) doc set. Some things to be
>aware of -- the ACE/Server will not handle CHAP requests for SecurID passcodes so the
>PPP session will have to negotiate PAP for authentication if you do the PPP auth or
>you can bring up the terminal window after connect as you mention. If some accounts
>do not use SecurID authentication their authentication info will travel at least some
>of the network in clear text. Setting up SecurID integration with many of the popular
>commercial RADIUS/tac+ implementations is really straightforward. The authentication
>with RADIUS may take an extra step on some platforms compared to tac+ (ie. login:,
>password:, PASSCODE: ) due to differences in the two protocols. Good luck...
>
> Regards,
>
> --tcw
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
