Re: RSA ACE Authentication
On 2/2/06, Mike Keller [EMAIL PROTECTED] wrote: I would like to use an RSA / ACE server to authenticate locally on 3.8 (through radius). As Joachim pointed out, there is the generic login_radius authenticator. login_radius works (most of the time) to authenticate against the remote RADIUS service on your remote ACE/Server. There are a few bugs with login_radius, primarily I've found that it just doesn't work at all for console logins via RSA/ACE, sends blank password authentication attempts which tend to confuse ACE/Server, and has trouble with new PIN and next tokencode mode. Enabling login_radius is as simple as adding an Agent Host to your ACE/Server, with a shared secret, creating /etc/raddb/servers to contain the secret, and modifying login.conf to add the radius server information and authentication settings. If you enable radius authentication in the default class, you will likely want to explicitly disable login_radius for the 'daemon' class. I would like to run the RSA Authentication Agent 5.2 for Web on Apache. It is only supported for RH Linux and Sun. TMK, the agent on OpenBSD is a non-starter, I doubt it can be successfully used on OpenBSD with without support from RSA, without at least a native library to link against. (Please, please prove me wrong). You can use one of the RADIUS authentication modules for Apache, mod_auth_radius works on OpenBSD, though it also has trouble with new PIN and next tokencode mode. Again, I realize it isnt supported, I am just curious if anyone has tried / had any success with it. I'd be happy to discuss off the group, or to be pointed to another list / url. I moderate the unofficial securid-users mailing list on Yahoo! groups, discussion of RSA's ACE/SecurID product on OpenBSD is more than welcome on the securid-users list, info is here: http://groups.yahoo.com/group/securid-users Kevin Kadow
Re: RSA ACE Authentication
On Thu, Feb 02, 2006 at 03:39:47PM -0800, Mike Keller wrote: Ok, before I get flamed up, I know this isnt supported, I just want to know if anyone has tried it. I would like to use an RSA / ACE server to authenticate locally on 3.8 (through radius). And I would like to run the RSA Authentication Agent 5.2 for Web on Apache. It is only supported for RH Linux and Sun. I was able to hack up the install and config command scripts enough to where it will install, but I can't get apache to run when I try adding the module. I have it running on IIS, but I'd really like to to move away from M$ / IIS. Again, I realize it isnt supported, I am just curious if anyone has tried / had any success with it. I'd be happy to discuss off the group, or to be pointed to another list / url. I don't have any specific experience with what you are trying to do, but if you can get RADIUS running you should be able to use mod_auth_radius, from the looks of it. Locally, there is a 'radius' authentication mechanism, which should do just fine. Hack login.conf to use it by default. So it looks like the only thing really unsupported would be the RADIUS server, but I don't know what you are using for that, so I can't really comment. Joachim
RSA ACE Authentication
Ok, before I get flamed up, I know this isnt supported, I just want to know if anyone has tried it. I would like to use an RSA / ACE server to authenticate locally on 3.8 (through radius). And I would like to run the RSA Authentication Agent 5.2 for Web on Apache. It is only supported for RH Linux and Sun. I was able to hack up the install and config command scripts enough to where it will install, but I can't get apache to run when I try adding the module. I have it running on IIS, but I'd really like to to move away from M$ / IIS. Again, I realize it isnt supported, I am just curious if anyone has tried / had any success with it. I'd be happy to discuss off the group, or to be pointed to another list / url. Thanks!