SecurID authentication

David Mitton david at
Tue Jun 6 18:53:10 CEST 2006

	I'm not a legal representative, but Michael's response is for
someone that wishes to sell or distribute(?) a product that uses the
SecurID service

While doing a RADIUS proxy to for the new RADIUS server may be the correct
approach, if you are an owner of a SecurID server solution, you can
certainly develop code to use your licensed server for whatever
application you wish.

The product offering includes an ACE Client SDK which gives you a
C-language API for doing SecurID authentication.   It would be fairly
straight forward to develop your own Free RADIUS module, but there are
details with New Pin assignment and Next Token mode that get messy.  The
server uses Access-Challenge for them.

Also the new server includes EAP support for several methods.  So proxy
may still be the best path.

David Mitton
Software Development,
RSA Security, Inc.

PS: I urge all senders to use meaningful Subject lines, the original
message was discarded by me on first pass as spam.

----- Original Message -----

From: "Michael Lecuyer" <mjl at>
To: "FreeRadius users mailing list"
<freeradius-users at>
Subject: Re: Hello,
Date: Tue, 06 Jun 2006 09:08:16 -0400

It would be difficult to say how RADIUS would interact with the actual
server since it's a proprietary system.  In 2002 I thought about going
this route and I'm summarizing from the 5 page SecurId integration

You must write code that uses RSA's 'RSA Agent' software to communicate
the RSA ACE server. You must become a partner a a cost of ten thousand
for each product each year you provide the product(s). You must pay RSA
percent of your product's licensing fee. And you must have RSA certify
it and 
may be required to provide a training program for RSA certification 
technicians. The sublicense agreement with RSA is incompatible with any
source software.

The best thing to do is use FreeRadius as a proxy to the RSA RADIUS

 From a client's point of view the ACE RADIUS server may require a
CHAP/PAP transaction or there may be challenges asking for more
It depends on the RSA server configuration.

darshak wrote:
> Hi All
>      I m new to AAA things.I want how can I support RSA ACE/Server in 
> freeradius.
> Can anyone has details How interaction is made between RADIUS and 
> RSA/ACE-server?. in general scenario
> Rgds
> DArshak

More information about the Freeradius-Users mailing list