At 9:46 PM -0500 3/12/02, Bennett Todd wrote: >If I wanted to set up a SecurID-authenticating Road Warrier >solution, I'd create a simple SSL-secured web page that can be used >to temporarily enable a particular cert for normal road-warrier >IPSec; that way, even though my server-side implementation would be >tied to a particular implementation, it could at least in principle >be re-implemented for others, and any client with a web browser and >an IPSec implementation could log in.
Sure, but what a royal pain to use. The current Cisco IPSec client I'm using appears to send the user password with the SecurID parameter appended to it. That seems like a reasonable solution. But ideally IPSec should have a way of dealing with the three standard security pieces--something I know, something I have and something I am. -- Kee Hinckley - Somewhere.Com, LLC http://consulting.somewhere.com/ [EMAIL PROTECTED] I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.