Has anyone had any success with SecurID tokens under Fedora? I have a feeling its a little unsupported from searching, but if anyone has some real world experience that would be great. The bottom line is that I need to secure a Fedora box with token authentication, even if it doesn't end up being RSA's solution.

Thanks,

Luke O'Connell
luke.us@gmail.com
GPG: http://ubml.ca/2
Cell: +1 (724) 961-8143

You have to run RSA's token server on a supported platform. If you already have a token server, then you can use RADIUS on Fedora to authenticate against it. If you don't already have a token server and Fedora is not a supported platform, then you'll need to find a different solution.

Do you think it would be possible to almost "rent" access to a token server... so that I can still authenticate with SerurIDs and forego having to install Solaris on a dedicated server?

you could purchase their RSA Appliance and use that for authentication.

Hmm... the only issue is that this needs to be a low cost project... and the appliance along will stretch into the thousands by the looks of it!

Would something like Kerberos with a pki exchange like krb5-pkinit-openssl work. I believe they are all supported and in the repos.

I don't think the RSA device will use krb5 for RSA auth, I'm not 100% sure though since it will jion a windows domain and leverage AD auth which is loosely based on krb5. Depending on the number of tokens you need, it's going to be 1,000's with or without the appliance.

Darn, I'll look in to using tokens through a third party (a couple of openID providers use RSA I believe). Thanks for the heads up guys.