Date: Fri, 4 May 2001 13:32:28 -0500
From: jamie rishaw <jrishaw@playboy.com>
To: freebsd-security@freebsd.org
Cc: jamie@playboy.com
Subject: RSA SecurID Client on FreeBSD: Summary
Message-ID: <20010504133228.D21698@playboy.com>
In-Reply-To: <20010504115603.C21698@playboy.com>; from jrishaw@playboy.com on Fri, May 04, 2001 at 11:56:03AM -0500
References: <20010504115603.C21698@playboy.com>

I figured it out. I posted to the list after probably a week plus of hacking around, and while this isn't the most elegant solution, it works.

I don't want to provide support, but for sake of list archives and other people's sanity, here are the basic steps I took:

- Grab Linux SecurID client off of RSA site at http://www.rsasecurity.com/download/linux/
- Un-tar/decompress
- (Kludge) FreeBSD apparently doesn't have the linux "/bin/line" equiv, which is what the `sdsetup` program uses. So, change lines in sdsetup to substitute `$LINE_EXEC` (with quotes) to anticipated response, like 'y' for 'yes' and 'n' for 'no', and directory or pathnames as needed. (I'll include a diff at the end of this email)
- Grab the sdconf.rec from /top/ace/.. on your SecurID server and put it in your $CWD
- Run ./sdsetup -client
- Add a test user with shell /top/ace/prog/sdshell
- Add this box to your ACE/Server as a client and add user auth as you would any other new client
- Verify, run, go.

You need to be running Linux compatibility.

I make no guarantees or warranties whatsoever; I am relaying how *I* got it to work on systems here. If you do it and lock yourself out of your own boxes, don't come running to me.

This only protects interactive login, I still have yet to tackle FTP, SCP, etc.

Good luck

jamie

-- begin diff -- 103,109d102 < if [ ! 
-f "$LINE_EXEC" ] < then < echo "#!/bin/sh" > /bin/line < echo "read i" >> /bin/line < echo "echo \$i" >> /bin/line < chmod 555 /bin/line < fi 207c200 < YESORNO=`$LINE_EXEC` --- > YESORNO='y' 1114c1107 < create=`$LINE_EXEC` --- > create='y' 1188c1181 < input=`$LINE_EXEC` --- > input='' 1281c1274 < test_owner=`$LINE_EXEC` --- > test_owner=rsa 1316c1309 < current_platform=`$LINE_EXEC` --- > current_platform=freebsd 1468c1461 < test_type=`$LINE_EXEC` --- > test_type=des 1508c1501 < test_path=`$LINE_EXEC` --- > test_path=/usr/local/rsa 1631c1624 < create=`$LINE_EXEC` --- > create='' -- end diff --

On Fri, May 04, 2001 at 11:56:03AM -0500, jamie rishaw wrote:
> Hi,
>
> I'm looking to chat either on- or off-list with people that have
> successfully integrated RSA's SecurID into FreeBSD. Specifically,
> the client side.
>
> There are no official clients, and when I try to compile commercial
> SSH with SecurID support, I get "File format not recognized" when the
> ssh daemon tries to link sdiclient.a symbols (sdiclient.a being the
> file that the ACE server generates/holds for clients to link in and
> talk/authenticate with). SSH.com has still yet to reply to my open
> ticket with them...
>
> I have searched high and low for real answers, yet I cannot find
> anyone that's been able to say, "Yes, I've done it, here's how".
>
> URLs, Pointers, etc., are all appreciated.
>
> thanks in advance,
>
> jamie
> --
> jamie rishaw <jrishaw@playboy.com>
> sr. wan/unix engineer/ninja // playboy enterprises inc.
> opinions stated are mine, and are not necessarily those of the bunny.
>

--
jamie rishaw <jrishaw@playboy.com>
sr. wan/unix engineer/ninja // playboy enterprises inc.
opinions stated are mine, and are not necessarily those of the bunny.
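
Review bot: In the 103,109d102 hunk, the block being deleted tests for "$LINE_EXEC" but writes its `read i` / `echo \$i` shim to the fixed path /bin/line, so if the two paths differ the shim is created and never used. Rather than removing the block, consider writing the shim to "$LINE_EXEC" itself (and chmod that path), which would keep sdsetup interactive and make the later hardcoded answers unnecessary.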
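
Review bot: The replacements from 207c200 through 1631c1624 carry no comment saying which prompt each hardcoded answer stands in for, and `create` is set to 'y' at 1114c1107 but to '' at 1631c1624 with nothing explaining the difference. A one-line comment beside each assignment naming the question it answers, and marking test_owner=rsa and test_path=/usr/local/rsa as site-specific values to change, would make the patch reviewable and reusable on another host.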