From owner-freebsd-hackers Thu Mar 13 01:08:42 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA15812 for hackers-outgoing; Thu, 13 Mar 1997 01:08:42 -0800 (PST) Received: from korin.warman.org.pl (korin.warman.org.pl [148.81.160.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA15796 for ; Thu, 13 Mar 1997 01:08:34 -0800 (PST) Received: from localhost (abial@localhost) by korin.warman.org.pl (8.8.3/8.7.3) with SMTP id KAA05024; Thu, 13 Mar 1997 10:08:20 +0100 (MET) Date: Thu, 13 Mar 1997 10:08:20 +0100 (MET) From: Andrzej Bialecki To: Wilko Bulte cc: freebsd-hackers@FreeBSD.ORG Subject: Re: SecurID authentication In-Reply-To: <199703121814.TAA00691@yedi.iaf.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 12 Mar 1997, Wilko Bulte wrote: > As Andrzej Bialecki wrote... > > Hello! > > > > For those interested, I added support for Security Dynamics' smartcard > > authentication to standard login. > > > > So now you can have: > > * SecurID username/PASSCODE. If the network is down, it falls back to > > * Kerberos or S/Key or ordinary password (depends on #defines it was > > compiled with) > > Since you know more on this: I have some sort of a Defender like little > box sitting on my shelf ($3 at a flea market) that can use SecurID > smartcards. > > My question: what does such a smartcard cost? Pointers to cheap supplies > also welcome Including all the software (clients and server) + hardware (tokens themselves) it gives ca. $80 per token, if you buy a minimum of 25 tokens. The next step is 50 tokens, and of course it comes out somewhat cheaper (but not that much ;-) ) They make client software for Suns, BSDI, and ancient Linux ELF (at least those I could put my hands on).. They're not interested (as it seems) in FreeBSD market. The whole another story is that with some tweaking you can use BSDI libraries on FreeBSD. The server has built-in XTACACS authentication module, so you can use the token auth on devices supporting TACACS protocol (e.g. Ciscos, and others) Xylogics' Annexes (communication servers) can use it as well, without any additional hacking. Well, anyway, the whole stuff is rather expensive :-), and IMHO doesn't offer much more than S/Key (yea, perhaps conveniency...). But, if your company's policy is to use it everywhere, and throw out every equipment that cannot use it, it makes you nervous to see them staring suspiciously at your beloved FBSD boxie.... :-) As to where to buy it, I'm afraid I can't help you much - all I know is that we bought it from their dealer in Germany. Hope this helps a bit. Andy, +-------------------------------------------------------------------------+ Andrzej Bialecki _) _) _)_) _)_)_) _) _) --------------------------------------- _)_) _) _) _) _)_) _)_) Research and Academic Network in Poland _) _)_) _)_)_)_) _) _) _) Bartycka 18, 00-716 Warsaw, Poland _) _) _) _) _)_)_) _) _) +-------------------------------------------------------------------------+