(RADIATOR) selective caching of securid token

Hugh Irvine hugh at open.com.au
Tue Sep 23 17:03:29 CDT 2003 

Hello Kai -

The only way to do do this would be with a custom AuthBy module I think.

Have a look at the source code in the "Radius" directory and check 
section 17 in the Radiator 3.7 reference manual ("doc/ref.html").

regards

Hugh


On Tuesday, Sep 23, 2003, at 21:23 Australia/Melbourne, Freese, Kai 
wrote:

> Hi there,
>
> is there in Radiator any way to configure following scenario:
>
> We use SecurID one-time passwords for several purposes. Actually we 
> have no password caching.
>
> One new application is to first authenticate from iPass client, second 
> from VPN client. We want to cache the password for one minute for the 
> second request. But we only want to allow reusing the password if this 
> second request comes from the same NAS like the first request. 
> Additionally it would be even more secure to allow reusing only if the 
> first request comes from iPass and the second from the VPN client.
>
> Is any or both of this possible with Radiator? And how to configure 
> this?
>
> Regards
>
> Kai
>
>
> --
> Die Information in dieser eMail ist vertraulich und kann dem 
> Berufsgeheimnis unterliegen. Sie ist ausschliesslich fuer den 
> Adressaten bestimmt. Jeglicher Zugriff auf diese eMail durch andere 
> Personen als den Adressaten ist untersagt. Sollten Sie nicht der fuer 
> diese eMail bestimmte Adressat sein, ist Ihnen jede Veroeffentlichung, 
> Vervielfaeltigung oder Weitergabe wie auch das Ergreifen oder 
> Unterlassen von Massnahmen im Vertrauen auf erlangte Information 
> untersagt. In dieser eMail enthaltene Meinungen oder Empfehlungen 
> unterliegen den Bedingungen des jeweiligen Mandatsverhaeltnisses mit 
> dem Adressaten.
>
> The information in this email is confidential and may be legally 
> privileged. It is intended solely for the addressee. Access to this 
> email by anyone else is unauthorized. If you are not the intended 
> recipient, any disclosure, copying, distribution or any action taken 
> or omitted to be taken in reliance on it, is prohibited and may be 
> unlawful. Any opinions or advice contained in this email are subject 
> to the terms and conditions expressed in the governing KPMG client 
> engagement letter.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list