Firewall Wizards mailing list archives

RE: secure ID token based authentication

From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Mon, 27 Jan 2003 11:21:35 -0500

Sure, you can do this a couple of ways.
For Solaris you can install the SD client which includes a new shell. In
essence, the person invokes the SDshell on login, and it will prompt for
the passcode. After proper auth, it'll pass them to their usual shell as
configured in their user account in the ACE server.

I *believe* they have a client for linux, but I'm not sure.

For Cisco, I recommend going the Tacacs route. Set up something like
Cisco's Tacacs server, which has support for SecurID on the back end.
Then, you not only can control log in to the cisco boxen using securID,
but you can control what commands that particular user can invoke. You
can also configure the ace server to listen for tacacs and radius
directly, but I'm not a big fan of this. You loose a lot of control and
features if you go direct to ACE with tacacs/radius. 

Let me know if you'd like more details. 
Andy

*Please note, these comments are my own and not that of my employer*


---------------------------------------------------------
Andrew J. Kalat,                | Direct:(404)236-2713 
MSS Senior Security Engineer    | Main:  (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road                | <http://www.iss.net/>
Atlanta, GA 30328                         | PGP key available.

-----Original Message-----
From: Prashant Desai [mailto:prashant_secret () yahoo com] 
Sent: Saturday, January 25, 2003 2:13 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] secure ID token based authentication

Hi 

   is any body using the token based authentication
using secure ID and ACE server, i would like to
replace /etc/passwd based authentication of solaris
7,8,9 and few Redhat 7.x boxes with the secure ID
token based authetications ,along with the
authetication of cisco routers ,

 is this possible ? i search on google also checked
out the secure home page but didt got much info ,
kindly let me know is it possible or not or point me
some url having info on this 

regards
Prashant

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

http://mailplus.yahoo.com
_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: secure ID token based authentication, (continued)
- - Re: secure ID token based authentication Paul D. Robertson (Jan 25)
  - Re: secure ID token based authentication John Keeton (Jan 26)
  - Re: secure ID token based authentication ark (Jan 27)
    - Re: secure ID token based authentication Mike Scher (Jan 27)
- Re: secure ID token based authentication Luca Berra (Jan 26)
  - Message not available
    - Re: secure ID token based authentication Luca Berra (Jan 27)
    - Re: secure ID token based authentication Ben Nagy (Jan 28)
    - Re: secure ID token based authentication ark (Jan 29)
  - Re: secure ID token based authentication Ben Nagy (Jan 27)
- Re: secure ID token based authentication Miha Vitorovic (Jan 27)
- RE: secure ID token based authentication Kalat, Andrew (ISS Atlanta) (Jan 27)
  - RE: secure ID token based authentication Prashant Desai (Jan 28)
- RE: secure ID token based authentication Reckhard, Tobias (Jan 28)