Two factor authentication to both LDAP directory and SecurID
tnt at kalik.net
Fri Feb 27 12:37:11 CET 2009
>So I think what will happen is this:
>- username/tokencode-password is passed from the Cisco ASA device
>- this data is passed in cleartext to the script
> - script splits the username/tokencode and username/password
> - script proxies the u/tc via RADIUS to SecurID
> - script uses PAP to pass the u/p to our directory
> - script does these checks in sequence or concurrently
> - once both sets of credentials are accepted, an accept is passed
>back to the Cisco ASA device
>
>Does this sound right?
>
Mostly. You will have to get the password from ldap rather than send it
to it. And then check it in pre-proxy (save yourself a proxy if user/pass
don't match). This should work with pap requests.
Ivan Kalik
Kalik Informatika ISP
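
The ordering discussed in this thread (verify the directory password locally first, and forward the tokencode to SecurID only if it matches), as an added Python sketch that is not from the post and is not FreeRADIUS configuration. Assumptions: the combined field is a 6-digit tokencode followed by the password, the directory stores `userPassword` as `{SSHA}`, and `proxy_tokencode` is a hypothetical callable standing in for the RADIUS proxy to SecurID.

```python
import base64
import hashlib
import hmac

TOKENCODE_LEN = 6  # assumption: fixed-length numeric tokencode precedes the password

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an LDAP-style {SSHA} value (used here only to construct sample data)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample directory: user -> userPassword as fetched from LDAP.
SAMPLE_DIRECTORY = {"alice": make_ssha(b"correct horse", b"\x01\x02\x03\x04")}

def check_ssha(stored: str, candidate: bytes) -> bool:
    """Verify a PAP password against a {SSHA} userPassword value."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the salt follows it
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def split_credential(combined: str):
    """Split '<tokencode><password>'; return None if it is malformed."""
    tc, pw = combined[:TOKENCODE_LEN], combined[TOKENCODE_LEN:]
    if len(tc) != TOKENCODE_LEN or not (tc.isascii() and tc.isdigit()) or not pw:
        return None
    return tc, pw

def authenticate(user, combined, directory, proxy_tokencode):
    """Return 'accept' or 'reject'; proxy_tokencode(user, tc) -> bool is hypothetical."""
    parts = split_credential(combined)
    stored = directory.get(user)
    if parts is None or stored is None:
        return "reject"
    tokencode, password = parts
    # Local check first: a wrong password never causes a request to SecurID.
    if not check_ssha(stored, password.encode()):
        return "reject"
    return "accept" if proxy_tokencode(user, tokencode) else "reject"
```

Both factors must succeed for an accept, and a failed directory check costs no SecurID round trip.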