[Freeipa-users] RSA Securid support
Dmitri Pal
dpal at redhat.com
Thu Jun 5 19:09:20 UTC 2014
On 06/05/2014 02:42 PM, Lindblom, Brian R. wrote:
> That's fantastic. Thanks for the link.
Here is a video:
https://drive.google.com/#folders/0B3tfpNCVjJdCWFQxUk9NdkpHN2c
If instead of using an IPA managed token you configure RADIUS proxy to
your RSA Authentication Manager you would be able to accomplish a
similar result as in the video.
Do not forget configure the IPA server client in RSA Authentication
Manager as a single transaction server to avoid new pin and next token
code mode hurdles.
We would appreciate a HowTo page if you make it work.
http://www.freeipa.org/page/HowTos
>
> Thanks,
> -Brian
>
> On Thu, 2014-06-05 at 14:30 -0400, Simo Sorce wrote:
>> On Thu, 2014-06-05 at 18:13 +0000, Lindblom, Brian R. wrote:
>>> I've been doing a bit of reading on integrating securid w/ ipa and am
>>> coming up a little short. Up-stream MIT kerberos has some mention of
>>> supporting it:
>>>
>>> http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support
>>>
>>> But I'm not sure if or how that translates to IPA support. Some clever
>>> pam rules could certainly be shoehorned-in as a sort of RSA "pre-auth"
>>> layer before getting into the krb5/sss bits, but that seems hackish at
>>> best. There was something on this mailing list talking about AuthHub
>>> support, circa 2012, but neither the topic or the AuthHub git repository
>>> seem to have been touched since.
>>>
>>> So, long story short, is this on the roadmap, an existing feature, a
>>> hidden feature, or has it been done before? Any insight would be
>>> greatly appreciated! I dearly miss my IPA setup from my previous gig,
>>> but a hard-n-fast securid requirement makes it difficult to offer up as
>>> a solution here without more info on how they can cooperate.
>> IPA 4.0 will come out with integrated OTP support. To use an external
>> provider you will need to configure a radius server to which PIN+Code
>> will be sent for verification.
>>
>> This is the project page: http://www.freeipa.org/page/V3/OTP
>>
>> Simo.
>>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list