SecurID authentication

[darshak]

Thanxs David,This has been useful to me .
Although proxy is best answer.I just wanna go in some details.
 If i own RSA ACE/server,then does it come with RSa Ace/client agent? Then 
what i need to do is write a code that talks with Freeradius and RSA 
ACE/client?
Or I need not do it?
Is this RSA/Ace server comes with client that talks to RADIUS? and I can be 
free from coding burden?
Can u please explain How
RADIUS <-->RSA/ACe server talk to each other?[if i not use proxy ]
I have read that Lucent and SBR supports this RSA/ACE SecurID so how they 
actually support?Do they have coded extra or by proxy ?
Thanxs again for your help

Rgds
Darshak


----- Original Message ----- 
From: "David Mitton" <david at mitton.com>
To: <freeradius-users at lists.freeradius.org>
Sent: Tuesday, June 06, 2006 10:23 PM
Subject: RE: SecurID authentication


> Darshak,
>
> I'm not a legal representative, but Michael's response is for
> someone that wishes to sell or distribute(?) a product that uses the
> SecurID service
>
> While doing a RADIUS proxy to for the new RADIUS server may be the correct
> approach, if you are an owner of a SecurID server solution, you can
> certainly develop code to use your licensed server for whatever
> application you wish.
>
> The product offering includes an ACE Client SDK which gives you a
> C-language API for doing SecurID authentication.   It would be fairly
> straight forward to develop your own Free RADIUS module, but there are
> details with New Pin assignment and Next Token mode that get messy.  The
> server uses Access-Challenge for them.
>
> Also the new server includes EAP support for several methods.  So proxy
> may still be the best path.
>
> David Mitton
> Software Development,
> RSA Security, Inc.
>
> PS: I urge all senders to use meaningful Subject lines, the original
> message was discarded by me on first pass as spam.
>
> ----- Original Message -----
>
> From: "Michael Lecuyer" <mjl at theorem.com>
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Subject: Re: Hello,
> Date: Tue, 06 Jun 2006 09:08:16 -0400
>
>
> It would be difficult to say how RADIUS would interact with the actual
> ACE
> server since it's a proprietary system.  In 2002 I thought about going
> down
> this route and I'm summarizing from the 5 page SecurId integration
> document.
>
> You must write code that uses RSA's 'RSA Agent' software to communicate
> with
> the RSA ACE server. You must become a partner a a cost of ten thousand
> dollars
> for each product each year you provide the product(s). You must pay RSA
> twenty
> percent of your product's licensing fee. And you must have RSA certify
> it and
> may be required to provide a training program for RSA certification
> technicians. The sublicense agreement with RSA is incompatible with any
> open
> source software.
>
> The best thing to do is use FreeRadius as a proxy to the RSA RADIUS
> server.
>
> From a client's point of view the ACE RADIUS server may require a
> simple
> CHAP/PAP transaction or there may be challenges asking for more
> information.
> It depends on the RSA server configuration.
>
> darshak wrote:
>> Hi All
>>      I m new to AAA things.I want how can I support RSA ACE/Server in
>> freeradius.
>> Can anyone has details How interaction is made between RADIUS and
>> RSA/ACE-server?. in general scenario
>>
>>
>> Rgds
>> DArshak
>>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>
>