Firewall Wizards mailing list archives
Re: SecurID Agent-Server through proxy firewall
From: Vin McLellan <vin () shore net>
Date: Thu, 18 Feb 1999 23:47:59 -0500
For dealing with web servers, ACE/SecurID, and application proxies, Carson Gaspar <carson () tla org> recommended:
> The work-around everyone I've known has used is to use RADIUS through the firewall, and have a RADIUS server inside the firewall speak to the ACE/Server.
And noted, in his characteristically meek and indirect manner:
> One of many reasons I'd _love_ SDI to scrap their !@$#%^ on-line protocol and create a new, more useful one. But Vin and I have had this debate before :)
Thanks for jumping in, Carson. I also just got a note in which the unidentified IT/ACE Admin I quoted earlier in this thread -- Ken Ng of KPMG <kenng () kpmg com> -- said he didn't mind being acknowledged. (Thanks, Ken!)

Fyi, Carson: The post-ACE protocol -- which SDTI calls CSSP: "Cryptographic Security Service Protocol" -- is out in beta with the current version of Keon, SDTI's PKI product. <http://www.securid.com>

CSSP itself is a published, standards-based protocol for providing authorization and authorization services over a secure channel. In Keon, that secure channel is SSL, but CSSP is adaptable to support other secure channel formats as well. IPSec, for example.

CSSP, the answer to my prayers and yours, will be released with Keon in mid-year. Finally!!!!

I understand, btw, that one of your flames -- of which I bore the brunt, as I recall -- led to a rewrite of SDTI's documentation on how to set up remote ACE/Clients. Tks. Morgan Stanley rules!

Suerte,
_Vin

-----
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege."
_ A Thinking Man's Creed for Crypto _vbm.

* Vin McLellan + The Privacy Guild + <vin () shore net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548