Re: token card strong authentication
Hi, I am currently doing some research into how I can make FreeRADIUS support other token card methods. Novell eDirectory already provides support for various Token Authentication Vendors. I intend to leverage that funtionality to provide the same features to FreeRADIUS. Please get back to me if you have any suggestions or comments on this. Regards, -Sayantan >>>[EMAIL PROTECTED] 05/12/05 5:36 pm >>>Hi,I wish to use One Time Passwords with the freeradius server. I'm tryingto find the best way to do this. Unfortunately there are not many ofthe token card manafacturers that support the freeradius server. At themoment it looks as if Cryptocard are the best bet.I would be very interested to hear from anyone who has implemented anyOTP solution with freeradius.Thanks-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
Maqbool Hashim <[EMAIL PROTECTED]> wrote: > Thanks. How can I test the cryptocard tokens work with freeradius > before buying the hardware? Uh... ask cryptocard? > Is using 3DES to solve the problem not an option here? Ask cryptocard. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
Maqbool Hashim schrieb: > OK do you mean get the radius server to pass user > credentials on to a OTP server? Yes, exactly. The one developped by the company I'm working for (see www.kobil.com) is at the same time a simple RADIUS server (much less features than FreeRadius, but OTOH nobody would want to incorporate all its quite specific OTP related features into a general purpose product like FreeRadius either), so you can have a feature rich RADIUS server like FreeRadius to do the bunch of the management work and only delegate verification of the OTP itself to our simple RADIUS server by means of the RADIUS proxy functionality. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
OK do you mean get the radius server to pass user credentials on to a OTP server? [EMAIL PROTECTED] wrote: Maqbool Hashim schrieb: Unfortunately there are not many of the token card manafacturers that support the freeradius server. At the moment it looks as if Cryptocard are the best bet. I would be very interested to hear from anyone who has implemented any OTP solution with freeradius. Sorry, but I don't quite see the problem... You always can use freeradius and "proxy" the OTP verification to a dedicated server, can't you? Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
Thanks. How can I test the cryptocard tokens work with freeradius before buying the hardware? Also is there a particular token in the Cryptocard range that people recommend for use with freeradius? Also while I'm on this topic: From the documentation in freeradius I understand that the challenge response algorithm is weak because it uses DES. The work around suggested is to us sync mode. Fine. Is using 3DES to solve the problem not an option here? Alan DeKok wrote: Maqbool Hashim <[EMAIL PROTECTED]> wrote: I wish to use One Time Passwords with the freeradius server. I'm trying to find the best way to do this. Unfortunately there are not many of the token card manafacturers that support the freeradius server. At the moment it looks as if Cryptocard are the best bet. They're OK. I would be very interested to hear from anyone who has implemented any OTP solution with freeradius. I haven't personally, but I know a number of others have. e.g. rlm_x99_token has been used at Google with CryptoCard tokens. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
Maqbool Hashim schrieb: > Unfortunately there are not many of > the token card manafacturers that support the freeradius > server. At the moment it looks as if Cryptocard are the > best bet. > > I would be very interested to hear from anyone who has > implemented any > OTP solution with freeradius. Sorry, but I don't quite see the problem... You always can use freeradius and "proxy" the OTP verification to a dedicated server, can't you? Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: token card strong authentication
Maqbool Hashim <[EMAIL PROTECTED]> wrote: > I wish to use One Time Passwords with the freeradius server. I'm trying > to find the best way to do this. Unfortunately there are not many of > the token card manafacturers that support the freeradius server. At the > moment it looks as if Cryptocard are the best bet. They're OK. > I would be very interested to hear from anyone who has implemented any > OTP solution with freeradius. I haven't personally, but I know a number of others have. e.g. rlm_x99_token has been used at Google with CryptoCard tokens. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html