Date: Thu, 10 Mar 2005 16:19:08 -0500
From: Jeff Wirth <jeff.wirth@gmail.com>
To: helm@fionn.es.net
Cc: freebsd-questions@freebsd.org
Subject: Re: [pki-team] FreeBSD and RSA SecurID Authentication (fwd)
Message-ID: <5d2cf6920503101319705ad136@mail.gmail.com>
In-Reply-To: <200503102014.j2AKEqu4003669@fionn.es.net>
References: <8885F1FED8259C66F1CFFD42@vortex.es.net> <200503102014.j2AKEqu4003669@fionn.es.net>

On Thu, 10 Mar 2005 12:14:52 -0800, Mike Helm <helm@fionn.es.net> wrote:
> John Webster forwards:
> > 'shared secret'. (PAM module uses /etc/radius.conf for 'shared
> > secret', servername, etc)
> > 5 - Configure PAM/sshd (or whatever PAM aware services) to require
> > RADIUS authentication
> > 6 - Configure your local users. (local username must be there SecurID username)
>
> have you given any thought to interoperation with an environment
> where local name cannot = securid username ?
>

Not really, but my guess is that you would need to add another piece
to the puzzle. Possibly LDAP? I researched using LDAP very briefly
(i.e. LDAP PAM Mod -> Central LDAP -> RADIUS -> RSA ACE) with hopes
of leveraging additional LDAP functionality. Could be possible to
store the SecurID username within a user's LDAP entry? Just a thought...

> We have, but we haven't figured out what (or which) is the satisfactory
> solution(s). Or done enough work yet either, for that matter.

good luck.

- jw