From: Bennett Todd (betrahul.net)
Date: Fri Mar 08 2002 - 15:39:26 CST

Unless there's been some recent development I haven't heard of,
incorporating user authentication (like e.g. SecurID) into IPSec
remains an open research problem. Any solution that's in use today
is a special one-off ad-hoc hack. Such a hack is easy to make.

If I needed to cook one, I'd rig a CGI that did the SecurID auth,
then enabled that user in the FreeS/WAN config, then scheduled a job
to yank that user back out (preventing new logins) after a few
minutes. I believe you can enable/disable users without disrupting
existing security associations by just frobbing the auth data, but I
haven't tried it.

Instead of a CGI, you could do this with an ssh login, or whatever
other protocol you like.
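
The enable-then-expire scheme sketched in the message above, as an added example that is not part of the original post and not FreeS/WAN code. Assumptions: `verify_code` is a hypothetical stand-in for the SecurID check, the one-user-per-line file stands in for the real auth data, and `reload_hook` is a placeholder for whatever makes the IPsec daemon reread it.

```python
import os
import tempfile
import time


class AccessWindow:
    """Enable a user's auth entry for a short window after a token check."""

    def __init__(self, path, verify_code, window=300, clock=time.time,
                 reload_hook=lambda: None):
        self.path = path                # stand-in file: one enabled user per line
        self.verify_code = verify_code  # hypothetical callable(user, code) -> bool
        self.window = window            # seconds during which new logins are allowed
        self.clock = clock
        self.reload_hook = reload_hook  # placeholder: ask the daemon to reread auth data
        self.expiry = {}                # user -> removal time (in memory for brevity)

    def _write(self):
        # Write to a temp file and rename, so a reader never sees a partial file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            f.writelines(user + "\n" for user in sorted(self.expiry))
        os.replace(tmp, self.path)      # mkstemp already created it with mode 0600
        self.reload_hook()

    def login(self, user, code):
        """Front end (CGI, ssh login, ...): returns True if the user was enabled."""
        # The name lands in a config file, so reject anything but plain
        # alphanumerics (blocks newline and field injection).
        if not user.isalnum() or not self.verify_code(user, code):
            return False
        self.expiry[user] = self.clock() + self.window  # re-auth extends the window
        self._write()
        return True

    def sweep(self):
        """Scheduled job: remove users whose window has closed; returns their names."""
        now = self.clock()
        gone = sorted(u for u, t in self.expiry.items() if t <= now)
        for user in gone:
            del self.expiry[user]
        if gone:
            self._write()
        return gone

    def enabled(self):
        if not os.path.exists(self.path):
            return []
        with open(self.path) as f:
            return f.read().split()
```

A real front end runs as a separate process per request, so the expiry table would have to be persisted rather than held in memory as it is here.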