I have looked into, but have not found any way to change the order
of authentication for SGD. My goal would be for authentication to
use securid but base the user webtop config on AD or LDAP
membership. From my understanding of the documentation, if I turn
on LDAP, it occurs before securid so it securid never gets queried.
If I disable AD/LDAP, I have no groups that can be queried and every
user gets the same webtop.
I tried going the route of configuring basic HTTP authenication but
I cannot seem to locate mod_securid binaries for the version of
apache that SGD uses. Requiring the users to login twice (once for
securid and once for sgd is acceptable). I could leverage our cisco
ASA to prompt for the securid credentials before forwarding the
connection to the sgd server, but this has an undesirable side
effect of dropping the connection and forcing a reauthentication
every 1 to 2 hours.
not tried these myself but a simple google of "mod_securid Apache 1.3"
threw up
http://www.deny-all.com/mod_securid/binaries.html
Even though I have sun comming in in a few days to pitch the sunray/
sgd solution to us and plan on asking them this question, I would
like to know if anyone else has encountered this requirement. Call
me paranoid, but every other remote access method we have utilizes
two factor authencation and I'm not about to change that now.
Thanks in advance for any insight the list has.
-FB
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
