SecurID authentication

David Mitton david at mitton.com
Wed Jun 7 18:21:59 CEST 2006


Darshak,
   
   SecurID uses a proprietary client/server protocol between it's clients and it's authentication servers.
That protocol is implemented in a binary DLL (or equivalent on Unix) that is part of the distribution.

All our own components use that mechanism to communicate with the auth server, including our RADIUS server.

You can obtain a source API library and API documentation on how to use this client.   I'm not sure on the logistics, but 
look at our web site or ask your sales/support people.

This capability has been used by others, Funk (now Juniper) developed their own support in SBR.  I'm sure other have too.

Dave.


> ----- Original Message -----
> From: darshak <darshak at elitecore.com>
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Subject: Re: SecurID authentication
> Date: Wed, 7 Jun 2006 09:31:45 +0530
> 
> 
> Thanxs David,This has been useful to me .
> Although proxy is best answer.I just wanna go in some details.
> If i own RSA ACE/server,then does it come with RSa Ace/client agent? Then what 
> i need to do is write a code that talks with Freeradius and RSA ACE/client?
> Or I need not do it?
> Is this RSA/Ace server comes with client that talks to RADIUS? and I can be 
> free from coding burden?
> Can u please explain How
> RADIUS <-->RSA/ACe server talk to each other?[if i not use proxy ]
> I have read that Lucent and SBR supports this RSA/ACE SecurID so how they 
> actually support?Do they have coded extra or by proxy ?
> Thanxs again for your help
> 
> Rgds
> Darshak
> 
> 
> ----- Original Message ----- From: "David Mitton" <david at mitton.com>
> To: <freeradius-users at lists.freeradius.org>
> Sent: Tuesday, June 06, 2006 10:23 PM
> Subject: RE: SecurID authentication
> 
> 
> > Darshak,
> >
> > I'm not a legal representative, but Michael's response is for
> > someone that wishes to sell or distribute(?) a product that uses the
> > SecurID service
> >
> > While doing a RADIUS proxy to for the new RADIUS server may be the correct
> > approach, if you are an owner of a SecurID server solution, you can
> > certainly develop code to use your licensed server for whatever
> > application you wish.
> >
> > The product offering includes an ACE Client SDK which gives you a
> > C-language API for doing SecurID authentication.   It would be fairly
> > straight forward to develop your own Free RADIUS module, but there are
> > details with New Pin assignment and Next Token mode that get messy.  The
> > server uses Access-Challenge for them.
> >
> > Also the new server includes EAP support for several methods.  So proxy
> > may still be the best path.
> >
> > David Mitton
> > Software Development,
> > RSA Security, Inc.
> >
> > PS: I urge all senders to use meaningful Subject lines, the original
> > message was discarded by me on first pass as spam.
> >
> > ----- Original Message -----
> >
> > From: "Michael Lecuyer" <mjl at theorem.com>
> > To: "FreeRadius users mailing list"
> > <freeradius-users at lists.freeradius.org>
> > Subject: Re: Hello,
> > Date: Tue, 06 Jun 2006 09:08:16 -0400
> >
> >
> > It would be difficult to say how RADIUS would interact with the actual
> > ACE
> > server since it's a proprietary system.  In 2002 I thought about going
> > down
> > this route and I'm summarizing from the 5 page SecurId integration
> > document.
> >
> > You must write code that uses RSA's 'RSA Agent' software to communicate
> > with
> > the RSA ACE server. You must become a partner a a cost of ten thousand
> > dollars
> > for each product each year you provide the product(s). You must pay RSA
> > twenty
> > percent of your product's licensing fee. And you must have RSA certify
> > it and
> > may be required to provide a training program for RSA certification
> > technicians. The sublicense agreement with RSA is incompatible with any
> > open
> > source software.
> >
> > The best thing to do is use FreeRadius as a proxy to the RSA RADIUS
> > server.
> >
> > From a client's point of view the ACE RADIUS server may require a
> > simple
> > CHAP/PAP transaction or there may be challenges asking for more
> > information.
> > It depends on the RSA server configuration.
> >
> > darshak wrote:
> >> Hi All
> >>      I m new to AAA things.I want how can I support RSA ACE/Server in
> >> freeradius.
> >> Can anyone has details How interaction is made between RADIUS and
> >> RSA/ACE-server?. in general scenario
> >>
> >>
> >> Rgds
> >> DArshak
> >>
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> >
> 
> 
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

>





More information about the Freeradius-Users mailing list