Date: Fri, 4 May 2001 13:32:28 -0500
From: jamie rishaw
To: freebsd-security@freebsd.org
Cc: jamie@playboy.com
Subject: RSA SecurID Client on FreeBSD: Summary
Message-ID: <20010504133228.D21698@playboy.com>
References: <20010504115603.C21698@playboy.com>
In-Reply-To: <20010504115603.C21698@playboy.com>; from jrishaw@playboy.com on Fri, May 04, 2001 at 11:56:03AM -0500

I figured it out.

I posted to the list after probably a week plus of hacking around, and while this isn't the most elegant solution, it works.

I don't want to provide support, but for the sake of list archives and other people's sanity, here are the basic steps I took:

- Grab Linux SecurID client off of RSA site at http://www.rsasecurity.com/download/linux/
- Un-tar/decompress
- (Kludge) FreeBSD apparently doesn't have the Linux "/bin/line" equiv, which is what the `sdsetup` program uses. So, change lines in sdsetup to substitute `$LINE_EXEC` (with quotes) to anticipated response, like 'y' for 'yes' and 'n' for 'no', and directory or pathnames as needed. (I'll include a diff at the end of this email)
- Grab the sdconf.rec from /top/ace/.. on your SecurID server and put it in your $CWD
- Run ./sdsetup -client
- Add a test user with shell /top/ace/prog/sdshell
- Add this box to your ACE/Server as a client and add user auth as you would any other new client
- Verify, run, go.

You need to be running Linux compatibility.

I make no guarantees or warranties whatsoever; I am relaying how *I* got it to work on systems here. If you do it and lock yourself out of your own boxes, don't come running to me.

This only protects interactive login, I still have yet to tackle FTP, SCP, etc.

Good luck

jamie

-- begin diff --
103,109d102 < if [ ! -f "$LINE_EXEC" ] < then < echo "#!/bin/sh" > /bin/line < echo "read i" >> /bin/line < echo "echo \$i" >> /bin/line < chmod 555 /bin/line < fi 207c200 < YESORNO=`$LINE_EXEC` --- > YESORNO='y' 1114c1107 < create=`$LINE_EXEC` --- > create='y' 1188c1181 < input=`$LINE_EXEC` --- > input='' 1281c1274 < test_owner=`$LINE_EXEC` --- > test_owner=rsa 1316c1309 < current_platform=`$LINE_EXEC` --- > current_platform=freebsd 1468c1461 < test_type=`$LINE_EXEC` --- > test_type=des 1508c1501 < test_path=`$LINE_EXEC` --- > test_path=/usr/local/rsa 1631c1624 < create=`$LINE_EXEC` --- > create=''
-- end diff --

On Fri, May 04, 2001 at 11:56:03AM -0500, jamie rishaw wrote:
> Hi,
>
> I'm looking to chat either on- or off-list with people that have
> successfully integrated RSA's SecurID into FreeBSD. Specifically,
> the client side.
>
> There are no official clients, and when I try to compile commercial
> SSH with SecurID support, I get "File format not recognized" when the
> ssh daemon tries to link sdiclient.a symbols (sdiclient.a being the
> file that the ACE server generates/holds for clients to link in and
> talk/authenticate with). SSH.com has still yet to reply to my open
> ticket with them...
>
> I have searched high and low for real answers, yet I cannot find
> anyone that's been able to say, "Yes, I've done it, here's how".
>
> URLs, Pointers, etc., are all appreciated.
>
> thanks in advance,
>
> jamie
> --
> jamie rishaw
> sr. wan/unix engineer/ninja // playboy enterprises inc.
> opinions stated are mine, and are not necessarily those of the bunny.
>

--
jamie rishaw
sr. wan/unix engineer/ninja // playboy enterprises inc.
opinions stated are mine, and are not necessarily those of the bunny.
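
Review bot: At 103,109d102 the fallback that created /bin/line is dropped, but the diff shows only eight `$LINE_EXEC` call sites being replaced, so any call site not listed here will fail to run on a host without that file and leave its variable empty. Not writing a script into /bin during setup is reasonable; after applying, search sdsetup for remaining LINE_EXEC references, or have the script stop with an error when the file is missing rather than continue with empty answers.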
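
Review bot: The fixed answers at 207c200 (YESORNO='y'), 1114c1107 (create='y'), 1188c1181 (input='') and 1631c1624 (create='') take away the operator's chance to decline or change a prompt, and the prompts they answer are not visible in the diff. The removed shim was only read i followed by echo $i, so the shell builtin can stand in for it: read YESORNO in place of the backtick call keeps sdsetup interactive on FreeBSD without /bin/line. If the fixed answers are intended, a comment beside each one naming the question it answers would make the patch reviewable.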
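
Review bot: The values set at 1281c1274 through 1508c1501 (test_owner=rsa, current_platform=freebsd, test_type=des, test_path=/usr/local/rsa) are site-specific choices baked into the script, and test_path=/usr/local/rsa differs from the /top/ace paths the steps in the message use for sdconf.rec and sdshell. Confirm which directory the install actually lands in, that the rsa owner exists before running ./sdsetup -client, and whether current_platform=freebsd is a value this Linux script has a branch for. Setting these four from variables at the top of the script would make them easier to review and change per host.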