27 Feb
2009
27 Feb
'09
6:37 a.m.
So I think what will happen is this: - username/tokencode-password is passed from the Cisco ASA device - this data is passed in cleartext to the script - script splits the username/tokencode and username/password - script proxies the u/tc via RADIUS to SecurID - script uses PAP to pass the u/p to out directory - script does these checks in sequence or concurrently - once both sets of credentials are accepted, an accept is passed back to the Cisco ASA device
Does this sound right?
Mostly. You will have to get the password from ldap rather then send it to it. And the check it in pre-proxy (save yourself a proxy if user/pass don't match). This should work with pap requests. Ivan Kalik Kalik Informatika ISP