Re: SecurID query

[Greg Vickers <g.vickers () QUT EDU AU>]

Hi David,

LaPorte, David wrote:
> We've done something very similar using SecurID (without PIN) and
> existing LDAP credentials using Radiator.  I'd be happy to talk nuts and
> bolts off-list if you'd like.

Ah, excellent!  Forgot to mention, that we are migrating away from an
ancient Radiator server to FreeRADIUS, which is why we want to leverage
FreeRADIUS - doh.

Thanks,
Greg

> Greg Vickers wrote:
> > Hi all,
> >
> > Spurred by Jeff Murphy's inquiry about 2FA (two factor authentication)
> > OTP systems, I have a query:
> >
> > We are looking at SecurID, but don't like how it doesn't integrate with
> > an *existing* password system.  We are trying to leverage our existing
> > account credentials along with SecurID:  i.e. use our existing LDAP
> > username/password credentials as well as the SecurID tokencode - not
> > passcode - for authentication *at the one point* on our network.
> >
> > This way we leverage our existing authentication credentials and
> > mechanism without asking users to remember a second password (PIN part
> > of the passcode).  We know how to do this with FreeRADIUS, but haven't
> > actually got the resource to write the script for FreeRAIDUS.
> >
> > If you have implemented SecurID in this way or similar, please let me know!
> >
> > Thanks,

--
Greg Vickers
Phone: +61 7 3138 6902
IT Security Engineer & Project Manager
Queensland University of Technology, CRICOS No. 00213J