Re: RSA SecureID on Solaris

From: Doug Hughes (doug@Eng.Auburn.EDU)
Date: 04/08/02


Date: Mon, 8 Apr 2002 09:50:36 -0500 (CDT)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: adam morley <adam@gmi.com>

On Sat, 6 Apr 2002, adam morley wrote:

> Is anyone using these to authenticate users on Solaris? Can they be easily integrated into dtlogin, apache, etc.? Perhaps with pam in some way?
>
> Has anyone looked into how "secure" they are? Can one guess the number on the display, perhaps based on the serial on the back?
>
> For those of you who do run them, have you replaced the password with the securid random + pin number? Or done something else?
>

Yes, it works, and there are hooks in datafellows ssh, openssh, and pam
to support securid authentication. Personally, I prefer pam and there
are several free pam modules that will let you do securid authentication.

I ported Wyman Miles pam_securid from redhat to Solaris in November of
last year, and it works just fine (a couple of minor changes, and
some include file differences). (This is one of several different
versions of pam modules that you could use).

ftp.eng.auburn.edu:pub/doug/pam_securid_solaris.tar.gz



Relevant Pages

  • 5.1p1 and X11 forwarding failing
    ... The authentication ... is via PAM if that matters. ... truss reports nothing. ... If I perform the EXACT same test against stock Solaris 9 ...
    (SSH)
  • Re: 5.1p1 and X11 forwarding failing
    ... X11forward to work. ... There is a similar package on solaris? ... The authentication ... is via PAM if that matters. ...
    (SSH)
  • Re: 5.1p1 and X11 forwarding failing
    ... The authentication ... is via PAM if that matters. ... Now I attach to my 'master' sshd and follow all children ... If I perform the EXACT same test against stock Solaris 9 ...
    (SSH)
  • PAM application and root user
    ... We have users test1 and test2 in Solaris OS, ... We wanted to run a test PAM application which gets the user id and pasword ... The Pam application is written in C++, and uses Solaris 9 PAM API. ... I can do the proper authentication using ...
    (comp.unix.solaris)
  • Re: Password aging on Suns with NIS?
    ... >> wouldn't benefit from NIS+ even if we liked banging our heads against the wall). ... PAM, it looks like I could drop in a replacement for pam_unix_acct, but I suspect ... > An easy way to get password aging on the Solaris ... >> workstations and servers. ...
    (comp.security.unix)