[j-nsp] RSA SecurID + TACACS

Dmitri Kalintsev dek at hades.uz
Sun Nov 16 21:33:16 EST 2003


Justin,

You can use a tac+ server software that can do proxy authentication off a
radius server, and use your SecurID radius server to do it from. I have done
such an implementation in the past, having used tac+ia server - it worked fine
but it's a big pain in the butt (one login per 60 seconds token limitation)
and wasn't accepted into the live network operations only because of this
delay.

You can try OTP, but there were problems in the past when JunOS sshd would
not prompt with OTP challenge string. Juniper has been supplied with all the
information to have it fixed (and it may have been fixed since - I do not
know). Do a forum search for a discussion about it a couple months ago.

On Fri, Nov 14, 2003 at 11:04:31AM -0500, Streiner, Justin wrote:
> I know JunOS supports TACACS+ authentication, but does anyone have TACACS
> authentication working into a Juniper using RSA SecurID hardware tokens?
> 
> I would imagine it works, but I don't have access to a Juniper I can make
> changes to for testing purposes at the moment.
> 
> Thanks
> jms
---end quoted text---

Hope this helps.
-- 
D.K.

