4

I want to use two factor auth for my vpn users. You know, the secureid kind of thing where they have a changing number from a keyfob to enter.

I got the free demo kit from secureid and... scary looking! It looked really involved to set up and evaluate.

I am hoping (dreaming?) of a really simple server that can act as a RADIUS server or such (so my juniper screenOS box can use it), that installs in a few minutes and is easy to test.

Does such exist?

Thank you for any thoughts on the subject!

P.S. I see the thread: Alternatives to RSA SecurID? which is great.

If this thread could focus on ease of install and set up that would be great. thanks!

Community
  • 1
Jonesome Reinstate Monica
  • 5,505

4 Answers4

1

Yubikey? I haven't tried to install it in conjunction with a RADIUS server, but the token is much easier on end user.

There are some instructions here: http://code.google.com/p/yubico-pam/wiki/YubikeyAndRadiusViaPAM

pcapademic
  • 1,670
1

I can't really offer you a suggestion for an easy to use two factor ID tool, but I can confirm that RSA's SecurID is non-trivial. It has the feel of a legacy application, with an interface and architecture that is not at all intuitive.

Having setup and maintained RSA's ACE Server/Authentication Manager before, I would definitely investigate alternatives very thoroughly before I would set it up again.

Christopher Cashell
  • 9,218
0

Mobile-OTP + FreeRADIUS or XTRadius. easy and free clients and servers.

chris
  • 11,964
0

Check out challenge/response token systems like Alladin/SecureComputing Safeword. Very easy to setup. I believe there are a couple of similar solutions out there, but I cannot recall the vendors at the moment.

duffbeer703
  • 21,265