I have some general questions regarding radius.
In preface I will shortly describe my situation.
Currently we are using Checkpoint VPN-1 / Firewall-1 with S/Key User Authentication for our RAS and VPN clients.
Now Checkpoint deprecated S/Key support in the current release. So I am in charge to find a replacement for the internal S/Key system of Checkpoint.
As always the solution should be as cheap as possible, but it should not use simple passwords, so LDAP or something like this is out of the race.
So I found freeradius as a free radius server.
But where to get my passwords from? Skey is not support, SecurID is to expensive.
I read something about this cryptocard thing. This could be a possibility.
Has somebody here experience with this in connection with freeradius? Do I need something more than a freeradius running and this cards?
Does anybody know the pricing for this cards?
Another way I thought about is this:
freeradius configured to use PAM, PAM configured to use a SKey system.
Is this possible at all?
OpenBSD has SKey, but no PAM and freeradius is not running on this plattform.
SKey for Linux or Solaris? Somehow screwing it with PAM and freeradius? Has done anybody something like this before?
Or have I missed an even better solution? Has anybody further suggestions?
At the moment I would be happy about any comment.
Thanks in advance and I hope, I did not waste anybody's time here.
Sven
-- Danet Internet Solutions GmbH Business Unit E-Business and System Services Sven Eisenhauer Gutenbergstr. 10, 64331 Weiterstadt Phone: +49 61 51 86 8-6 44, Fax.: +49 61 51 86 8-6 66
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
