Firewall Wizards mailing list archives
RE: secure ID token based authentication
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Mon, 27 Jan 2003 11:21:35 -0500
Sure, you can do this a couple of ways. For Solaris you can install the SD client which includes a new shell. In essence, the person invokes the SDshell on login, and it will prompt for the passcode. After proper auth, it'll pass them to their usual shell as configured in their user account in the ACE server. I *believe* they have a client for linux, but I'm not sure. For Cisco, I recommend going the Tacacs route. Set up something like Cisco's Tacacs server, which has support for SecurID on the back end. Then, you not only can control log in to the cisco boxen using securID, but you can control what commands that particular user can invoke. You can also configure the ace server to listen for tacacs and radius directly, but I'm not a big fan of this. You loose a lot of control and features if you go direct to ACE with tacacs/radius. Let me know if you'd like more details. Andy *Please note, these comments are my own and not that of my employer* --------------------------------------------------------- Andrew J. Kalat, | Direct:(404)236-2713 MSS Senior Security Engineer | Main: (404)236-2600 Internet Security Systems, Inc. | E-Mail: akalat () iss net 6303 Barfield Road | <http://www.iss.net/> Atlanta, GA 30328 | PGP key available.
-----Original Message----- From: Prashant Desai [mailto:prashant_secret () yahoo com] Sent: Saturday, January 25, 2003 2:13 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] secure ID token based authentication Hi is any body using the token based authentication using secure ID and ACE server, i would like to replace /etc/passwd based authentication of solaris 7,8,9 and few Redhat 7.x boxes with the secure ID token based authetications ,along with the authetication of cisco routers , is this possible ? i search on google also checked out the secure home page but didt got much info , kindly let me know is it possible or not or point me some url having info on this regards Prashant __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: secure ID token based authentication, (continued)
- Re: secure ID token based authentication Paul D. Robertson (Jan 25)
- Re: secure ID token based authentication John Keeton (Jan 26)
- Re: secure ID token based authentication ark (Jan 27)
- Re: secure ID token based authentication Mike Scher (Jan 27)
- Re: secure ID token based authentication Luca Berra (Jan 26)
- Message not available
- Re: secure ID token based authentication Luca Berra (Jan 27)
- Re: secure ID token based authentication Ben Nagy (Jan 28)
- Re: secure ID token based authentication ark (Jan 29)
- Message not available
- Re: secure ID token based authentication Ben Nagy (Jan 27)
- RE: secure ID token based authentication Prashant Desai (Jan 28)