Hello, my apologies for this thread which is probably outside of general firewall discussions, but I don't know of a better list to put this one. If anyone does know of a better one, please let me know. I have a client who is using SecurID in about 100 countries with 100 different SecurID servers. They are going toward a unified login so that "djones" will only exist on one server in the entire world. They would like to set up a system where an app could do a SecurID authentication to any SecurID server in the world. SecurID does support what they call "cross realm authentication", but that is limited to 20 servers. One option we though of was merging a lot of servers into regional servers (North America, Europe, etc), but the political and technical resistence to doing so is great. I thought of having sending everyone to a Radius server and have a database in Radius point to the proper SecurID server (ie: djones is in the US server, akaiser is in the German SecurID server, rguilanni is in the Italian server), but Radius can only handle one SecurID server (and from what I've looked at, this looks like more of a restriction on what the libraries from SecurID can do than the capabilities of Radius itself). Does anyone have any ideas? Strong authentication is a must. Keeping SecurID would be highly desirable considering the massive investment they have in SecurID tokens. ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
