Quintana Alcantara Edgar Uriel
2004-Feb-17 01:32 UTC
OpenSSH with RSA authentication Server
Hello, in my company we want to implement a Two-Factor authentication in servers with Solaris(8 or 9) and HP-UX (11 or 11i). The authentication server will be a RSA. We want to use OpenSSH to ask for authorization twice, first with PAM, and then to the RSA server. I like to know if somebody already implemented. Thanks for your help Uriel Quintana La informaci?n contenida en este correo electr?nico es confidencial y est? legalmente protegida. Est? dirigido solamente a la direcci?n de correo se?alada. El acceso a este correo electr?nico por cualquier otra persona, No est? autorizado. Si Ud. no es el receptor deliberado de este correo electr?nico, cualquier difusi?n, copia o distribuci?n est? prohibida y puede ser ilegal.? Si lo ha recibido por error, por favor notifique al emisor e inmediatamente? b?rrelo de forma permanente y destruya cualquier copia impresa. En caso de que el correo est? dirigido a alguno de nuestros clientes, la opini?n o recomendaci?n contenida est? sujeta a las condiciones regulatorias de ING que resulten aplicables o a los acuerdos comerciales suscritos con el cliente. ? The information in this Internet e-mail is confidential and may be legally privileged. It is intended solely for the addressee(s). Access to this Internet e-mail by anyone else is unauthorized. If you are not the intended recipient of this e-mail, any disclosure, copying, or distribution of it is prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender and immediately and permanently delete it and destroy any copies of it that were printed out.? When addressed to our clients any opinions or advice contained in this Internet e-mail is subject to the terms and conditions expressed in any applicable governing ING terms of business or client engagement letter.
Quintana Alcantara Edgar Uriel wrote:> Hello, > > in my company we want to implement a Two-Factor authentication in servers > with Solaris(8 or 9) and HP-UX (11 or 11i). The authentication server will > be a RSA. > > We want to use OpenSSH to ask for authorization twice, first with PAM, and > then to the RSA server.Why not just do it with PAM, using a pam.conf which uses both pam_unix.so and pam_securid.so? OpenSSH supports this already, current snapshots work best. -d
Quintana Alcantara Edgar Uriel wrote: [snip]> The information in this Internet e-mail is confidential and may be> legally privileged. It is intended solely for the addressee(s). Access > to this Internet e-mail by anyone else is unauthorized. If you are > not the intended recipient of this e-mail, any disclosure, copying,> or distribution of it is prohibited.I was going to suggest a PAM configuration that might be able to do what you want. However, since I'm not the addressee, I'm not authorized to access the message to compose a response (or, indeed, quote the parts that I'm responding to). In future, please don't post confidential information to a public mailing list. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.