If I get yelled at for asking this here, so be it; it will be just one more stumbling block in a long research project.
What I want to do, in a nutshell, is use the rlm_x99_token module to authenticate users with Cryptocards. But everything I've tried so far comes down to needing to know the DES key that is programmed into the card. Obviously, there can't be an easy way to get the key out of the card, or the card would be useless. So this means you need to program the card with a known key. My problem is that I cannot figure out a way to do this. This isn't really a freeradius question (which is why I might get yelled at), but it is clearly relevant to anyone who wants to use freeradius to authenticate via Cryptocards. This list is a likely source of people who have successfully done this. But my question is, how do I program the cards with a known key? I tried setting the randomkey = no parameter in the cryptocard.cfg file and restarting the cadmind but the CAClient still seems to use an internally-generated key when initializing. I am using freeradius 1.0.1 from RPM on CentOS 4 (based directly on Red Hat Enterprise 4) and cadmin 5.1 if it matters. Also, we have the RB-1 "calculator" style tokens. Another possibility might be to find a way to extract the key from the very long hex string stored in the MySQL database by the cadmind server, called the "encrypted key", but I haven't found any way to do that either. Is anybody using freeradius with rlm_x99_token module and Cryptocard RB-1 tokens successfully? How do you initialize your cards and sync them with freeradius? For what it's worth, I have gotten basic functionality of the x99_token module to work with our Cisco VPN 3000 concentrator, authenticating via freeradius. I have gotten as far as having the special password "resync" generate a display of the challenge, but without the proper keys for the cards in the x99passwd file, I can't actually authenticate users with them. Thanks, --Greg
Reporting-MTA: dns; mscan1.ucar.edu X-Postfix-Queue-ID: 6035C87E1E X-Postfix-Sender: rfc822; [email protected] Arrival-Date: Tue, 15 Nov 2005 14:10:30 -0700 (MST) Final-Recipient: rfc822; [email protected] Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; host mail.starnetusa.net[64.24.2.2] said: 550 reply to RCPT TO command)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
