From owner-freebsd-questions  Sun Aug 17 18:28:01 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA09804
          for questions-outgoing; Sun, 17 Aug 1997 18:28:01 -0700 (PDT)
Received: (from jmb@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA09782
          for questions; Sun, 17 Aug 1997 18:27:58 -0700 (PDT)
From: "Jonathan M. Bresler" <jmb>
Message-Id: <199708180127.SAA09782@hub.freebsd.org>
Subject: SecurID and FreeBSD
To: questions
Date: Sun, 17 Aug 1997 18:27:58 -0700 (PDT)
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

can FreeBSD be configured to use an ACE/Server from Security Dynamics
to authenicate users at login? (http://www.securitydynamics.com)

ACE/Server talks to both RADIUS and the three flavors of TACACS.
can FreeBSD be configured to use one of these four when the 
authnication databases are located on another host?
(http://www.securitydynamics.com/service/FAQs/sdfaq4.html)

the RADIUS port appears to be a port of the server (performs the 
authenication), not a port of the client (provides the passwd and 
requests authenication from the server).

looks as if the "lo" field of the gettytab can be used to this purpose,
if the replacement program was a RADIUS client that exec'ed the user's
shell if authenication succeeded.

anyone got FreeBSD acting as a client to a RADIUS server?

jmb