[Freeipa-users] RSA Securid support
Simo Sorce
simo at redhat.com
Thu Jun 5 18:30:26 UTC 2014
On Thu, 2014-06-05 at 18:13 +0000, Lindblom, Brian R. wrote:
> I've been doing a bit of reading on integrating securid w/ ipa and am
> coming up a little short. Up-stream MIT kerberos has some mention of
> supporting it:
>
> http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support
>
> But I'm not sure if or how that translates to IPA support. Some clever
> pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth"
> layer before getting into the krb5/sss bits, but that seems hackish at
> best. There was something on this mailing list talking about AuthHub
> support, circa 2012, but neither the topic or the AuthHub git repository
> seem to have been touched since.
>
> So, long story short, is this on the roadmap, an existing feature, a
> hidden feature, or has it been done before? Any insight would be
> greatly appreciated! I dearly miss my IPA setup from my previous gig,
> but a hard-n-fast securid requirement makes it difficult to offer up as
> a solution here without more info on how they can cooperate.
IPA 4.0 will come out with integrated OTP support. To use an external
provider you will need to configure a radius server to which PIN+Code
will be sent for verification.
This is the project page: http://www.freeipa.org/page/V3/OTP
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list