From owner-freebsd-security  Mon May  7 11:51:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bsd4.nyct.net (bsd4.nyct.net [216.139.128.6])
	by hub.freebsd.org (Postfix) with ESMTP id E5E1F37B422
	for <freebsd-security@FreeBSD.ORG>; Mon,  7 May 2001 11:51:44 -0700 (PDT)
	(envelope-from efutch@nyct.net)
Received: from bsd1.nyct.net (efutch@bsd1.nyct.net [216.139.128.3])
	by bsd4.nyct.net (8.11.3/8.11.2) with ESMTP id f47Ipc077390
	for <freebsd-security@FreeBSD.ORG>; Mon, 7 May 2001 14:51:39 -0400 (EDT)
	(envelope-from efutch@nyct.net)
Date: Mon, 7 May 2001 14:51:38 -0400 (EDT)
From: "Eric D. Futch" <efutch@nyct.net>
To: <freebsd-security@FreeBSD.ORG>
Subject: Re: RSA SecurID Client on FreeBSD: Summary
In-Reply-To: <20010504133228.D21698@playboy.com>
Message-ID: <20010507145010.P60366-100000@bsd1.nyct.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I had word from someone at RSA that they have just completed a SecurID
client for FreeBSD based on 4.2.  They were just waiting for the changes
to be made to the web site.

-- 
Eric Futch              New York Connect.Net, Ltd.
efutch@nyct.net         Technical Support Staff
http://www.nyct.net     (212) 293-2620
"Bringing New York The Internet Service It Deserves"
KNYC: 07-May-01 13:51 EDT: 61.0 F (16.1 C), clear, humidity 49%


On Fri, 4 May 2001, jamie rishaw wrote:

>I figured it out.
>
>  I posted to the list after probably a week plus of hacking around,
>and while this isn't the most elegant solution, it works.
>
>  I don't want to provide support, but for sake of list archives and
>other peoples sanity, here are the basic steps I took:
>
>  - Grab Linux SecurID client off of RSA site at
>    http://www.rsasecurity.com/download/linux/
>  - Un-tar/decompress
>  - (Kludge) FreeBSD apparently doesnt have the linux "/bin/line"
>    equiv, which is what the `sdsetup` program uses.  So, change
>    lines in sdsetup to substitute `$LINE_EXEC` (with quotes) to
>    anticipated response, like 'y' for 'yes' and 'n' for 'no', and
>    directory or pathnames as needed.
>    (I'll include a diff at the end of this email)
>  - Grab the sdconf.rec from /top/ace/.. on your SecurID server and
>    put it in your $CWD
>  - Run ./sdsetup -client
>  - Add a test user with shell /top/ace/prog/sdshell
>  - Add this box to your ACE/Server as a client and add user auth
>    as you would any other new client
>  - Verify, run, go.
>
>  You need to be running Linux compatibility.
>
>  I make no guarantees or warranties whatsoever; I am relaying how
>*I* got it to work on systems here.  If you do it and lock yourself
>out of your own boxes, don't come running to me.  This only protects
>interactive login, I still have yet to tackle FTP, SCP, etc.
>
>  Good luck
>
>jamie
>
>
>-- begin diff --
>103,109d102
>< if [ ! -f "$LINE_EXEC" ]
>< then
>< 	echo "#!/bin/sh" > /bin/line
>< 	echo "read i" >> /bin/line
>< 	echo "echo \$i" >> /bin/line
>< 	chmod 555 /bin/line
>< fi
>207c200
><     YESORNO=`$LINE_EXEC`
>---
>>     YESORNO='y'
>1114c1107
><         create=`$LINE_EXEC`
>---
>>         create='y'
>1188c1181
><       input=`$LINE_EXEC`
>---
>>       input=''
>1281c1274
><       test_owner=`$LINE_EXEC`
>---
>>       test_owner=rsa
>1316c1309
><       current_platform=`$LINE_EXEC`
>---
>>       current_platform=freebsd
>1468c1461
><       test_type=`$LINE_EXEC`
>---
>>       test_type=des
>1508c1501
><     test_path=`$LINE_EXEC`
>---
>>     test_path=/usr/local/rsa
>1631c1624
><         create=`$LINE_EXEC`
>---
>>         create=''
>
>-- end diff --
>
>
>On Fri, May 04, 2001 at 11:56:03AM -0500, jamie rishaw wrote:
>> Hi,
>>
>>   I'm looking to chat either on- or off-list with people that have
>> successfully integrated RSA's SecurID into FreeBSD.  Specifically,
>> the client side.
>>
>>   There are no official clients, and when I try to compile commercial
>> SSH with SecurID support, I get "File format not recognized" when the
>> ssh daemon tries to link sdiclient.a symbols (sdiclient.a being the
>> file that the ACE server generates/holds for clients to link in and
>> talk/authenticate with).  SSH.com has still yet to reply to my open
>> ticket with them...
>>
>>   I have searched high and low for real answers, yet I cannot find
>> anyone that's been able to say, "Yes, I've done it, here's how".
>>
>>   URLs, Pointers, etc., are all appreciated.
>>
>> thanks in advance,
>>
>> jamie
>> --
>> jamie rishaw <jrishaw@playboy.com>
>> sr. wan/unix engineer/ninja // playboy enterprises inc.
>> opinions stated are mine, and are not necessarily those of the bunny.
>>
>
>--
>jamie rishaw <jrishaw@playboy.com>
>sr. wan/unix engineer/ninja // playboy enterprises inc.
>opinions stated are mine, and are not necessarily those of the bunny.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message