(RADIATOR) Using RSA SecurID in wireless LAN

Kawakubo, Ken kkawakub at fhcrc.org
Mon May 16 18:08:52 CDT 2005


All,

I am testing RSA SecurID in different environments and one of them is if it
can be used for wireless LAN authentication.

RSA ACE Agent 6.0 for Windows comes with what RSA calls RSA Security EAP
Client and if installed, RSA Security EAP shows up as a choice under Windows
Zero Configuration PEAP selections. In other words, you can choose RSA
Security EAP method to be tunnelled thru PEAP instead of EAP-MSCHAPv2.

It appears that this RSA Security EAP is an IETF draft and officially called
EAP-POTP (The Protected One-Time Password Protocol) and RSA assigns EAP
method 32.
ftp://ftp.rsasecurity.com/pub/otps/eap/draft-nystrom-eap-potp-01.html

I tried the following.

<Handler TunnelledByPEAP=1>
	<AuthBy ACE>
		EAPType Generic-Token
	</AuthBy>
</Handler>

And I got the following message.

Mon May 16 15:26:46 2005: DEBUG: Handling with Radius::AuthACE:
Mon May 16 15:26:46 2005: DEBUG: Handling with EAP: code 2, 8, 2
Mon May 16 15:26:46 2005: DEBUG: Response type 3
Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15 not permitted
Mon May 16 15:26:46 2005: DEBUG: AuthBy ACE result: REJECT, Desired EAP type 15 not permitted


It appears that RSA Security EAP is a new EAP method and Radiator does not
support it. (By the way, according to the RSA ACE Agent 6.0 for Windows
documentation, RSA provides a module that allows Microsoft IAS to support
RSA Security EAP.)

My question is if Radiator will support EAP-POTP. Also, are there other ways
to integrate RSA SecurID in wireless LAN environment?

Ken Kawakubo
FHCRC IT
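
The EAP Nak in the debug log above, decoded as an added example (not part of the original post and not Radiator code): it parses an EAP Response as laid out in RFC 3748 and checks the peer's desired method against the methods the server permits. The packet bytes are constructed to match the logged code 2, identifier 8 and Nak for type 15; the `EAP_TYPES` names follow the IANA EAP registry, and `PERMITTED` is an assumption mirroring the Generic-Token-only configuration in the post.

```python
import struct

# EAP method type numbers (RFC 3748 and the IANA EAP registry).
EAP_TYPES = {
    1: "Identity", 3: "Nak", 6: "Generic-Token", 13: "EAP-TLS",
    15: "RSA Security SecurID EAP", 25: "PEAP", 26: "EAP-MSCHAPv2",
    32: "EAP-POTP",
}
EAP_NAK = 3


def parse_eap(packet: bytes) -> dict:
    """Decode the RFC 3748 layout: Code, Identifier, Length, Type, Type-Data."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match packet size")
    body = packet[4:length]  # bytes past Length are padding and ignored
    msg = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request/Response carry a Type field
        if not body:
            raise ValueError("Request/Response without a Type field")
        msg["type"], msg["data"] = body[0], body[1:]
    return msg


def nak_decision(msg: dict, permitted: set) -> tuple:
    """Return (accepted_type, reason) for a legacy Nak response."""
    if msg["code"] != 2 or msg["type"] != EAP_NAK:
        raise ValueError("not an EAP Nak response")
    desired = list(msg["data"])  # one octet per desired method; 0 = none
    for t in desired:
        if t in permitted:
            return t, "continue with " + EAP_TYPES.get(t, str(t))
    names = ", ".join(str(t) for t in desired if t) or "none"
    return None, "Desired EAP type %s not permitted" % names


# Constructed sample: Response, identifier 8, Nak asking for type 15.
SAMPLE_NAK = bytes([2, 8, 0, 6, EAP_NAK, 15])
PERMITTED = {6}  # assumption: the server offers only Generic-Token

if __name__ == "__main__":
    print(nak_decision(parse_eap(SAMPLE_NAK), PERMITTED))
```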
