Firewall Wizards mailing list archives
Re: LDAP and Strong Auth
From: John Adams <jna () retina net>
Date: Tue, 16 Jan 2001 01:37:28 -0500 (EST)
On Mon, 15 Jan 2001, Jeff Newton wrote:
> Has anyone deployed LDAP with SecurID or Secure Computing's SafeWord Plus? I am primarily interested in interoperability, and redundancy issues.
You could write a piece of code to do this, by modifying OpenLDAP to use the SecurID API when it attempts to verify a user account (typically this is an LDAP Bind call). It shouldn't be too hard, and if you don't mind doing some development, it can be very rewarding. Don't fall prey to what most companies do, which is to spend money on expensive integration efforts so they can have a finger to point when something breaks, instead of doing work and creating intellectual property.
> As for redundancy, I have never been a fan of ACE server's master and slave topology, especially with many remote WAN-dependent offices. SafeWord Plus is supposedly peer-to-peer.
I don't like the way ACE works either, because of the multiple sites involved, and I also hate the fact that when I go to use a Cisco router, I have to wait for my token to change -twice-. Once to log in, and again for the enable. Logging into a Cisco router takes me nearly 60 seconds to get to an enable prompt from ground zero, and when our network goes batty, this costs me valuable time. A single-use password system like ACE, but without the lag and redundancy problems that the ACE Server has, would be nice.

-john

--
J. Adams http://www.retina.net/~jna

You are supposed to be a consumer, a black hole for goods, advertising and content. They only want to allocate enough upstream bandwidth for 10,000,000 buy buttons. Producing or sharing information is a subversive act and will not be tolerated.
-anonymous coward on /.
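
The double wait described in the message above, sketched as an added example that is not part of the original post or of any vendor's code. It assumes the delay comes from the server refusing a token code it has already accepted; RFC 6238 TOTP stands in for the token's algorithm, and the 60-second interval, user name and secret are constructed values.

```python
import hashlib
import hmac
import struct

STEP = 60  # assumed token interval in seconds


def totp(secret: bytes, now: float, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), a stand-in for the hardware token."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OneTimeVerifier:
    """Accepts each time step's code at most once per user."""

    def __init__(self, secrets):
        self.secrets = secrets        # user -> shared secret
        self.last_used_step = {}      # user -> last time step already spent

    def verify(self, user: str, code: str, now: float) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        step = int(now // STEP)
        if self.last_used_step.get(user, -1) >= step:
            return False              # this interval's code was already used
        if not hmac.compare_digest(totp(secret, now), code):
            return False
        self.last_used_step[user] = step
        return True


def login_then_enable(secret: bytes, t_login: float, t_enable: float):
    """Simulate the login prompt, then the enable prompt: (login_ok, enable_ok)."""
    verifier = OneTimeVerifier({"jna": secret})
    login_ok = verifier.verify("jna", totp(secret, t_login), t_login)
    enable_ok = verifier.verify("jna", totp(secret, t_enable), t_enable)
    return login_ok, enable_ok


if __name__ == "__main__":
    demo = b"constructed-demo-secret"               # constructed sample value
    print(login_then_enable(demo, 1000.0, 1010.0))  # enable in the same interval
    print(login_then_enable(demo, 1000.0, 1070.0))  # enable after the code changes
```

The single-use check is what makes a captured code worthless to anyone replaying it, so the cost of a second prompt is one full token interval.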