RE: [fw-wiz] secure ID token based authentication

From: Kalat, Andrew (ISS Atlanta) (akalat@iss.net)
Date: 01/27/03


From: "Kalat, Andrew (ISS Atlanta)" <akalat@iss.net>
To: "Prashant Desai" <prashant_secret@yahoo.com>, <firewall-wizards@honor.icsalabs.com>
Date: Mon Jan 27 11:01:19 2003

Sure, you can do this a couple of ways.
For Solaris you can install the SD client which includes a new shell. In
essence, the person invokes the SDshell on login, and it will prompt for
the passcode. After proper auth, it'll pass them to their usual shell as
configured in their user account in the ACE server.

I *believe* they have a client for Linux, but I'm not sure.

For Cisco, I recommend going the TACACS route. Set up something like
Cisco's TACACS server, which has support for SecurID on the back end.
Then, you not only can control login to the Cisco boxen using SecurID,
but you can control what commands that particular user can invoke. You
can also configure the ACE server to listen for TACACS and RADIUS
directly, but I'm not a big fan of this. You lose a lot of control and
features if you go direct to ACE with TACACS/RADIUS.

Let me know if you'd like more details.
Andy

*Please note, these comments are my own and not those of my employer*

---------------------------------------------------------
Andrew J. Kalat, | Direct:(404)236-2713
MSS Senior Security Engineer | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat@iss.net
6303 Barfield Road | <http://www.iss.net/>
Atlanta, GA 30328 | PGP key available.

> -----Original Message-----
> From: Prashant Desai [mailto:prashant_secret@yahoo.com]
> Sent: Saturday, January 25, 2003 2:13 PM
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] secure ID token based authentication
>
>
> Hi
>
> Is anybody using token based authentication
> using secure ID and ACE server? I would like to
> replace /etc/passwd based authentication of Solaris
> 7, 8, 9 and a few Redhat 7.x boxes with secure ID
> token based authentication, along with the
> authentication of Cisco routers.
>
> Is this possible? I searched on Google and also checked
> out the secure home page but didn't get much info.
> Kindly let me know whether it is possible or not, or point me
> to some URL having info on this.
>
> regards
> Prashant
>
_______________________________________________
firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
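
The TACACS arrangement recommended in the reply above, sketched as a router-side configuration. This is an added example, not part of the original message or any vendor's reference config. It assumes classic IOS AAA syntax, a TACACS+ server that checks the SecurID passcode on its back end, and placeholder values for the server address (192.0.2.10), the shared key and the local fallback account.

```cisco
! Added example: address, key and account name below are placeholders.
aaa new-model
!
! Local account, used only when the TACACS+ server cannot be reached.
! Without it, a server outage locks every administrator out.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! The TACACS+ server that forwards passcodes to the ACE server.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET>
!
! Login: the TACACS+ server decides, so the user enters a SecurID passcode.
! "local" is consulted only if the server does not answer.
aaa authentication login default group tacacs+ local
!
! Per-user control: the server decides whether a shell is granted
! and which commands at each privilege level are permitted.
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Keep a record of every privileged command on the server.
aaa accounting commands 15 default start-stop group tacacs+
!
line vty 0 4
 login authentication default
```

The per-command permissions themselves live on the TACACS+ server, which is the control that is lost when the router talks to the ACE server directly.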