Using RADIUS to authenticate users with RSA SecurID

Filed under
HowTos

Recently I was tasked with authenticating users who carry RSA SecurID tokens. I was highly inspired by Jeff Wirth and his success using RADIUS to authenticate with SecurID Tokens on FreeBSD. While I'm not a fan of non-free software, it's possible to make each server authenticate against the non-free RSA Ace server using only free software. This isn't a perfect solution but it's useful when such a requirement is thrust upon you.

The requirements are simple. Your RSA Authentication server must be configured to allow authentication through a RADIUS server. This means that your RSA server has some sort of RADIUS server running on it or somehow you have a RADIUS server authenticating against your RSA ACE server.

As a result of the simple nature of a RADIUS server, you'll have authentication but you'll be lacking directory services. This is suboptimal but still useful in specific cases. This is an example where you want to authenticate and you can handle creating a user name, a user ID and a group ID on the local system.

First we're going to install the PAM module that authenticates against our RADIUS server:

Full Story.