Thanxs David,This has been useful to me .
Although proxy is best answer.I just wanna go in some details.
If i own RSA ACE/server,then does it come with RSa Ace/client agent? Then
what i need to do is write a code that talks with Freeradius and RSA
ACE/client?
Or I need not do it?
Is this RSA/Ace server comes with client that talks to RADIUS? and I can be
free from coding burden?
Can u please explain How
RADIUS <-->RSA/ACe server talk to each other?[if i not use proxy ]
I have read that Lucent and SBR supports this RSA/ACE SecurID so how they
actually support?Do they have coded extra or by proxy ?
Thanxs again for your help
Rgds
Darshak
----- Original Message -----
From: "David Mitton" <[EMAIL PROTECTED]>
To: <freeradius-users@lists.freeradius.org>
Sent: Tuesday, June 06, 2006 10:23 PM
Subject: RE: SecurID authentication
Darshak,
I'm not a legal representative, but Michael's response is for
someone that wishes to sell or distribute(?) a product that uses the
SecurID service
While doing a RADIUS proxy to for the new RADIUS server may be the correct
approach, if you are an owner of a SecurID server solution, you can
certainly develop code to use your licensed server for whatever
application you wish.
The product offering includes an ACE Client SDK which gives you a
C-language API for doing SecurID authentication. It would be fairly
straight forward to develop your own Free RADIUS module, but there are
details with New Pin assignment and Next Token mode that get messy. The
server uses Access-Challenge for them.
Also the new server includes EAP support for several methods. So proxy
may still be the best path.
David Mitton
Software Development,
RSA Security, Inc.
PS: I urge all senders to use meaningful Subject lines, the original
message was discarded by me on first pass as spam.
----- Original Message -----
From: "Michael Lecuyer" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
<freeradius-users@lists.freeradius.org>
Subject: Re: Hello,
Date: Tue, 06 Jun 2006 09:08:16 -0400
It would be difficult to say how RADIUS would interact with the actual
ACE
server since it's a proprietary system. In 2002 I thought about going
down
this route and I'm summarizing from the 5 page SecurId integration
document.
You must write code that uses RSA's 'RSA Agent' software to communicate
with
the RSA ACE server. You must become a partner a a cost of ten thousand
dollars
for each product each year you provide the product(s). You must pay RSA
twenty
percent of your product's licensing fee. And you must have RSA certify
it and
may be required to provide a training program for RSA certification
technicians. The sublicense agreement with RSA is incompatible with any
open
source software.
The best thing to do is use FreeRadius as a proxy to the RSA RADIUS
server.
From a client's point of view the ACE RADIUS server may require a
simple
CHAP/PAP transaction or there may be challenges asking for more
information.
It depends on the RSA server configuration.
darshak wrote:
Hi All
I m new to AAA things.I want how can I support RSA ACE/Server in
freeradius.
Can anyone has details How interaction is made between RADIUS and
RSA/ACE-server?. in general scenario
Rgds
DArshak
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html