>
>Anybody have a terminal server authenticating with SecurID?
Sure, lots of them.
>What we'd like is a box that folks could connect with PPP, but would require
>they input their SecurID number (probably in a terminal window after the
>modems connect).
>
>If you have this working, I'd like to talk.
>
>- --Mike
The ACE/Server includes a RADIUS implementation on NT and Unix platforms and the Cisco
reference implementation of tacacs+ on Unix platforms (I believe that the tac+ is
older code). Setup on the ACE/Server side is pretty well covered in the SDI (RSA?) doc
set. Some things to be aware of -- the ACE/Server will not handle CHAP requests for
SecurID passcodes so the PPP session will have to negotiate PAP for authentication if
you do the PPP auth or you can bring up the terminal window after connect as you
mention. If some accounts do not use SecurID authentication their authentication info
will travel at least some of the network in clear text. Setting up SecurID integration
with many of the popular commercial RADIUS/tac+ implementations is really
straightforward. The authentication with RADIUS may take an extra step on some
platforms compared to tac+ (ie. login:, password:, PASSCODE: ) due to differences in
the two protocols. Good luck...
Regards,
--tcw
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
