[tac_plus] RSA SecurID / ACE Client
Matt Addison
matt.addison at lists.evilgeni.us
Fri Apr 6 00:10:49 UTC 2012
On Thu, Apr 5, 2012 at 16:15, heasley <heas at shrubbery.net> wrote:
>
> is there a reason that you chose this direction as opposed to simply
> using the securid PAM module that they make available [and i presume that
> they still make it available]?

In our case we were already using the tac_plus PAM option for
centralized authentication (LDAP/Kerberos) for user login passwords.
This patch allows us to use centralized information for login via PAM
and still use RSA for enable.

There are also some potentially interesting opportunities with direct
ACE client integration, such as using the NAS or client IP addresses
as the authentication source to do additional access restriction and
logging at the RSA authentication manager (especially if different
groups are responsible for systems/network). I've POC'd this but have
not investigated implementing configuration options for it.

~Matt