This is a discussion on RE: RADIUS PAP-SecurID Access-Challenge within the FreeRADIUS Users forums, part of the Networking and Network Related category.

I'm sorry,

The other day I said that there is nothing "unusual" about SecurID RADIUS authentication. I'm so used to EAP, I forgot about the PAP auth with a SecurID value as a password.

If the RSA Authentication Manager finds that the token is in New Pin or Next Tokencode mode, it will issue an Access-Challenge message with the Reply-Message attribute explaining the next step. The client is expected to display the text and prompt the user, then send another Access-Request with the response in the password attribute. This exchange can continue through several steps, until an Access-Accepted or -Rejected is received.

Only a few RADIUS test clients can actually deal with this. I don't know (off the top of my head) which production clients we recommend. Of course, for the best security the EAP-POTP method is our recommended authentication protocol.

Dave.