I have looked into, but have not found any way to change the order of authentication for SGD. My goal would be for authentication to use securid but base the user webtop config on AD or LDAP membership. From my understanding of the documentation, if I turn on LDAP, it occurs before securid so it securid never gets queried. If I disable AD/LDAP, I have no groups that can be queried and every user gets the same webtop.
I tried going the route of configuring basic HTTP authenication but I cannot seem to locate mod_securid binaries for the version of apache that SGD uses. Requiring the users to login twice (once for securid and once for sgd is acceptable). I could leverage our cisco ASA to prompt for the securid credentials before forwarding the connection to the sgd server, but this has an undesirable side effect of dropping the connection and forcing a reauthentication every 1 to 2 hours. Even though I have sun comming in in a few days to pitch the sunray/sgd solution to us and plan on asking them this question, I would like to know if anyone else has encountered this requirement. Call me paranoid, but every other remote access method we have utilizes two factor authencation and I'm not about to change that now. Thanks in advance for any insight the list has. -- Randy Hall - CISSP #83009 Y2K was nothing – Just wait for Tue Jan 19 03:14:07 2038 UTC http://www.linkedin.com/in/rthall
_______________________________________________ SGD-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sgd-users
