From: Jeff Wirth
To: helm@fionn.es.net
Cc: freebsd-questions@freebsd.org
Date: Thu, 10 Mar 2005 16:19:08 -0500
Subject: Re: [pki-team] FreeBSD and RSA SecurID Authentication (fwd)
Message-ID: <5d2cf6920503101319705ad136@mail.gmail.com>
In-Reply-To: <200503102014.j2AKEqu4003669@fionn.es.net>

> On Thu, 10 Mar 2005 12:14:52 -0800, Mike Helm wrote:
> John Webster forwards:
> > 'shared secret'.  (PAM module uses /etc/radius.conf for 'shared
> > secret', servername, etc)
> > 5 - Configure PAM/sshd (or whatever PAM aware services) to require
> > RADIUS authentication
> > 6 - Configure your local users.  (local username must be their SecurID username)
>
> have you given any thought to interoperation with an environment
> where local name cannot = securid username ?
>

Not really, but my guess is that you would need to add another piece
to the puzzle. Possibly LDAP? I researched using LDAP very briefly
(i.e. LDAP PAM Mod -> Central LDAP -> RADIUS -> RSA ACE) with hopes
of leveraging additional LDAP functionality. Could be possible to
store the SecurID username within a user's LDAP entry? Just a thought...

> We have, but we haven't figured out what (or which) is the satisfactory
> solution(s).  Or done enough work yet either, for that matter.

good luck.

- jw
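
As an added example (not part of the thread, and not the posters' own setup), a portable shell check for the two files the quoted steps touch: `/etc/radius.conf` holds the shared secret, so it must not be readable by group or other, and "require RADIUS authentication" in step 5 only holds if `pam_radius` carries a mandatory control flag. The sample server name, secret and PAM lines are constructed, and the `auth <server> <secret>` layout is assumed from FreeBSD's radius.conf(5).

```shell
#!/bin/sh
# Added example: audit a radius.conf and a PAM service file.
# Paths are parameters so the checks can run against copies.

# Succeeds only if FILE has no group/other permission bits and
# contains at least one "auth <server> <secret>" line.
radius_conf_ok() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
    # ls mode string: characters 5-10 are the group and other bits
    mode=$(ls -ld "$conf" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "secret exposed beyond owner: $conf"; return 1; }
    awk '$1 == "auth" && NF >= 3 { found = 1 } END { exit !found }' "$conf" \
        || { echo "no auth server line in $conf"; return 1; }
}

# Succeeds only if every uncommented pam_radius auth line is "required"
# or "requisite". With "sufficient", a RADIUS failure is ignored and a
# later pam_unix line still accepts the local password on its own.
pam_requires_radius() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "auth" && $3 ~ /pam_radius/ {
            if ($2 == "required" || $2 == "requisite") { strict = 1 } else { weak = 1 }
        }
        END { exit !(strict && !weak) }
    ' "$1" || { echo "pam_radius absent or not mandatory in $1"; return 1; }
}

# Constructed samples, written to a scratch directory.
make_samples() {
    d=$(mktemp -d)
    printf 'auth radius.example.org CONSTRUCTED-SECRET 3 2\n' > "$d/radius.conf"
    chmod 600 "$d/radius.conf"
    printf 'auth sufficient pam_radius.so\nauth required pam_unix.so\n' > "$d/sshd.weak"
    printf 'auth required pam_radius.so\naccount required pam_unix.so\n' > "$d/sshd.strict"
    echo "$d"
}

d=$(make_samples)
radius_conf_ok "$d/radius.conf" && echo "radius.conf: ok"
for f in sshd.weak sshd.strict; do
    if pam_requires_radius "$d/$f" >/dev/null; then
        echo "$f: RADIUS mandatory"
    else
        echo "$f: RADIUS not mandatory"
    fi
done
rm -rf "$d"
```

On a live host the same functions can be pointed at `/etc/radius.conf` and `/etc/pam.d/sshd`.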