[RADIATOR] Multiple authentication methods

Alexander Hartmaier alexander.hartmaier at t-systems.at
Thu Jul 16 10:51:39 CDT 2009


Is the request to the RSA server different for Token and SMS auth?
I think the RSA Server knows which auth methods are allowed for the
user and acts accordingly.

On Thursday, 16.07.2009, at 06:44 +0200, SPirrottina at qtc.com.au
wrote:
> Hi Hugh
>
> Thanks for your response.
>
> Basically some users will use hardware tokens, some will use SMS
> authentication, and others may need the option of using one or the
> other (for example, there may not be mobile coverage to receive an
> SMS, so they may use a hardware token)
>
> I've thought of a way I can do this through our remote ssl vpn
> appliance (Juniper) using different realms and sign in pages.  I was
> thinking SMS users would authenticate using Radiator, and hardware
> token users can authenticate directly to RSA AM, without going through
> Radius.
>
> I was wondering what Radiator can do in relation to this?
>
> Thanks
>
> Regards
> Steve Pirrottina | Network Administrator
> I.T Systems and Support | Queensland Treasury Corporation
> p: 07 3842 4677 | f: 07 3842 4910
> e: spirrottina at qtc.com.au | w: www.qtc.com.au
>
>
>
> From: Hugh Irvine <hugh at open.com.au>
> To: SPirrottina at qtc.com.au
> Cc: radiator at open.com.au
> Date: 16/07/2009 14:31
> Subject: Re: [RADIATOR] Multiple authentication methods
> Sent by: radiator-bounces at open.com.au
>
>
> ______________________________________________________________________
>
>
>
>
> Hello Steve -
>
> There are a number of ways of classifying requests, not just the Realm
> suffix on a username string.
>
> You can indeed have multiple AuthBy clauses in a Realm or Handler, or
> you can set up different Handlers if there is something in the request
> to differentiate the requests.
>
> If you can give me a bit more detail I will try to make some sensible
> suggestions.
>
> regards
>
> Hugh
>
>
>
> On 16 Jul 2009, at 12:05, SPirrottina at qtc.com.au wrote:
>
> > Hi
> >
> > We are evaluating RSA AM 7.1 with Radiator and have a query in
> > relation to Radiator and authenticating using different methods.
> >
> > We will have a requirement to have some users authenticating using
> > RSA hardware tokens, and some users via OnDemand SMS
> > authentication.  I noticed in a document published on RSA's website
> > that the way to do this with Radiator is to have different
> > authenticating groups and assign different Realms for each category
> > of user, and this is based on their username.
> >
> > Can this be done any other way as all our users have the same
> > username naming convention so this wouldn't work for us?  Is it not
> > possible to have two authentication methods in one realm?
> >
> > Thanks for your help.
> >
> >
> >
> > Regards
> > Steve Pirrottina | Network Administrator
> > I.T Systems and Support | Queensland Treasury Corporation
> > p: 07 3842 4677 | f: 07 3842 4910
> > e: spirrottina at qtc.com.au | w: www.qtc.com.au
> > *************************
> > Queensland Treasury Corporation
> > Level 14, 61 Mary Street, Brisbane, Queensland 4000
> > (PO Box 1096, Brisbane Qld 4001)
> > T: +61 7 3842 4600
> > www.qtc.com.au
> >
> > This email and any attachments (collectively, 'this message') is
> > intended only for the addressee and may be confidential and
> > privileged. None of its contents may be disclosed to, or relied upon
> > by, any other party without our written consent. If you are not the
> > addressee, you must not copy or use this message for any purpose,
> > nor disclose its contents to anyone. Please delete it and notify QTC
> > immediately by telephoning +61 7 3842 4600 or emailing the sender.
> >
> > Any opinion or advice provided in this message is subject to any
> > assumptions noted within it and the assumption that the current
> > economic, political and/or commercial environment does not
> > materially alter. QTC does not warrant or guarantee any outcome or
> > forecast in this message. Any opinion or advice in this message is
> > provided by QTC in good faith on the basis of information supplied
> > to QTC, which may not have been independently verified by QTC.
> > Accordingly, QTC does not represent that the opinion or advice is
> > accurate or complete and it should not be relied upon as such.
> > Unless stated otherwise, the views expressed in this message are
> > those of the individual sender, not those of QTC.
> >
> > To the extent permitted by law, neither QTC nor any of its
> > employees, contractors, servants or agents accept any responsibility
> > and liability whatsoever for any expense, damage, claim, cause of
> > action, loss or costs, incurred by any person in connection with
> > that person or any other person placing any reliance on, or acting
> > or refraining to act on the basis of, the contents of this message.
> >
> > QTC does not warrant that any attachments to this email are free
> > from viruses or other corruption, and recommends that you scan them
> > for viruses before opening. QTC accepts no liability for any loss
> > caused if this message contains a virus or is otherwise corrupted.
> >
> > QTC respects your privacy, and our privacy plan is available on our
> > website.
> >
> > If you are a QTC public sector customer, please visit our website
> > for information about registering to access our secure customer
> > sub-site.
> >
> > <OSC_Radiator_RSAAM_4.3.1_AuthMan7.1.pdf>
> > _______________________________________________
> > radiator mailing list
> > radiator at open.com.au
> > http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
--
LG Alex


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*

