[pki-team] FreeBSD and RSA SecurID Authentication (fwd)

Jeff Wirth jeff.wirth at gmail.com
Thu Mar 10 13:19:09 PST 2005

> On Thu, 10 Mar 2005 12:14:52 -0800, Mike Helm <helm at fionn.es.net> wrote:
> John Webster forwards:
> > 'shared secret'.  (PAM module uses /etc/radius.conf for 'shared
> > secret', servername, etc)
> > 5 - Configure PAM/sshd (or whatever PAM aware services) to require
> > RADIUS authentication
> > 6 - Configure your local users. (local username must be their SecurID username)
> have you given any thought to interoperation with an environment
> where local name cannot = securid username ?

Not really, but my guess is that you would need to add another piece
to the puzzle.  Possibly LDAP?  I researched using LDAP very briefly
(i.e. LDAP PAM Mod -> Central LDAP -> RADIUS -> RSA ACE) with hopes of
leveraging additional LDAP functionality.  Could be possible to store
the SecurID username within a user's LDAP entry?  Just a thought...

> We have, but we haven't figured out what (or which) is the satisfactory
> solution(s).  Or done enough work yet either, for that matter.

Good luck.

 - jw

