On 2/2/06, Mike Keller <[EMAIL PROTECTED]> wrote:
> I would like to use an RSA / ACE server to
> authenticate locally on 3.8 (through radius).

As Joachim pointed out, there is the generic "login_radius" authenticator.

login_radius works (most of the time) to authenticate against the remote RADIUS
service on your remote ACE/Server.  There are a few bugs with login_radius,
primarily I've found that it just doesn't work at all for console logins
via RSA/ACE,
sends "blank password" authentication attempts which tend to confuse ACE/Server,
and has trouble with "new PIN" and "next tokencode" mode.

Enabling login_radius is as simple as adding an Agent Host to your ACE/Server,
with a shared secret, creating /etc/raddb/servers to contain the secret, and
modifying login.conf to add the radius server information and authentication
settings.

If you enable radius authentication in the default class, you will likely want
to explicitly disable login_radius for the 'daemon' class.


> I would like to run the RSA Authentication Agent 5.2
> for Web on Apache.  It is only supported for RH Linux
> and Sun.

TMK, the agent on OpenBSD is a non-starter, I doubt it can be successfully used
on OpenBSD without support from RSA, without at least a native library to
link against.  (Please, please prove me wrong).

You can use one of the RADIUS authentication modules for Apache,
mod_auth_radius works on OpenBSD, though it also has trouble with
"new PIN" and "next tokencode" mode.


> Again, I realize it isn't supported, I am just curious
> if anyone has tried / had any success with it.  I'd be
> happy to discuss off the group, or to be pointed to
> another list / url.

I moderate the unofficial securid-users mailing list on Yahoo! groups,
discussion of RSA's ACE/SecurID product on OpenBSD is more than welcome
on the securid-users list, info is here:
     http://groups.yahoo.com/group/securid-users

Kevin Kadow
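
The login_radius setup described in the message above, as an added configuration sketch that is not part of the original post. The host name ace.example.com and the shared secret are constructed placeholders, and the capability names are the ones documented in login_radius(8) and login.conf(5) as understood here; check them against the man pages of the release in use.

```conf
# ---- /etc/raddb/servers ----
# One RADIUS server per line: host name, then the shared secret that was
# entered for this machine's Agent Host record on the ACE/Server.
# The secret is stored in clear text, so keep the file unreadable to
# ordinary users.
ace.example.com    CONSTRUCTED-SHARED-SECRET

# ---- /etc/login.conf (fragments) ----
# Add the radius style and the server details to the class that should
# authenticate against ACE/Server. "passwd" is listed second so that a
# local password login remains selectable as a fallback style.
# Keep the other capabilities already present in the class.
default:\
	:auth=radius,passwd:\
	:radius-server=ace.example.com:\
	:radius-timeout=5:\
	:radius-retries=2:\
	:tc=auth-ftp-defaults:

# The daemon class normally inherits from default through tc=default.
# Setting auth explicitly ahead of the tc= entry keeps system daemons on
# local password authentication instead of RADIUS.
daemon:\
	:auth=passwd:\
	:tc=default:
```

If /etc/login.conf.db exists, rebuild it with cap_mkdb /etc/login.conf after editing, otherwise the change is not picked up.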
