[pki-team] FreeBSD and RSA SecurID Authentication (fwd)
jeff.wirth at gmail.com
Thu Mar 10 13:19:09 PST 2005
> On Thu, 10 Mar 2005 12:14:52 -0800, Mike Helm <helm at fionn.es.net> wrote:
> John Webster forwards:
> > 'shared secret'. (PAM module uses /etc/radius.conf for 'shared
> > secret', servername, etc)
> > 5 - Configure PAM/sshd (or whatever PAM aware services) to require
> > RADIUS authentication
> > 6 - Configure your local users. (local username must be there SecurID username)
> have you given any thought to interoperation with an environment
> where local name cannot = securid username ?
Not really, but my guess is that you would need to add another piece
to the puzzle. Possibly LDAP? I researched using LDAP very briefly (
i.e. LDAP PAM Mod -> Central LDAP -> RADIUS -> RSA ACE ) with hopes of
leveraging additional LDAP functionality. Could be possible to store
the SecurID username within a user's LDAP entry? Just a thought...
> We have, but we haven't figured out what (or which) is the satisfactory
> solution(s). Or done enough work yet either, for that matter.
More information about the freebsd-questions