[EMAIL PROTECTED] wrote: > On Wed, 26 Nov 2008, Doug Hughes wrote: > >> [EMAIL PROTECTED] wrote: >>> I'm looking for a GINA agent that I can install on windows to have >>> it authenticate against a radius server that does the >>> challenge/response authentication option (which requires asking for >>> the userid, going to the radius server to get a challenge, then >>> getting the response from the user) >>> >>> as I search it seems that the common tool for this was pgina, but >>> the author just pronounced it abandonware. >>> >>> I've got a tool that should work from a token vendor, but they only >>> want to support it going to their radius server and I need to have >>> it go against a different one. >>> >>> can anyone give me pointers to such a tool? >>> >>> David Lang >>> >> have you considered doing 'normal'* auth to a linux/unix box and then >> translating that to a radius auth using PAM? >> >> * where normal can be of a variety of other supported common auth >> methods. >> >> It might take a little bit of glue work, but it's doable. I did a >> tacacs to securid translator this way once upon a time. > > I may not be understanding what your are suggesting, but it sounds > like you think I am asking to have the *nix box authenticate against > windows. I'm trying to go the other way. > nope, we're on the same page. windows auth to radius is the goal. > I need to windows box to ask for token authentication when a user logs > into it. I have the ability to have the token authentication via > Radius and I can do this for several tools, but for windows I am > running into problems. > yup > I have a vendor tool that I can make work for plain servers or > terminal servers (without support from the vendor, not the best of > situations) > > I can't find anything to work on a Citrix server, and I'm not happy > running the vendor tool in a way that they won't support (an > opensource tool doesn't guarentee support, but at least you have a > chance) > > > With my token server I do have the ability to use a linux pam module > for authentication as well as acting like a radius server. I don't see > how that would help. > pick another way than GINA to auth your windows box to the linux box and use PAM to proxy that auth to radius, is what I'm suggesting. It may or may not be achievable, but it's something to check on. I haven't looked at the windows auth-client-world in a while.
> David Lang _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
