[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] openVPN + OTP

  • Subject: Re: [Openvpn-users] openVPN + OTP
  • From: "Caleb Pal" <m1009@xxxxxxxxxxxx>
  • Date: Thu, 28 Jun 2007 16:25:41 -0600


I have SecurID + openvpn working with the PAM module. You must have the ACE 
server setup, and define your agent hosts (clients that can access the Ace 
server, such as localhost, or another machine on your LAN. Install the 
authentication client software on all machines that will auth against 
SecurID/PAM. Add your users and tokens to the Ace server, and activate the 
users on the agent hosts that you want them to be able to auth from. The 
newest pam module did not work with my version of Debian Linux, I ended up 
using an older version of the pam module, 5.3.4 IIRC. If you do not want to 
auth with PAM, use radius. I never did have any luck with RSA's Radius 
Server on debian, but then again, none of the software, including the Ace 
Server, is meant to run on debian. Thats basically how it is done, there are 
many parts that I didn't cover that you will need to read into. The SecurID 
docs cover it fairly well.


Openvpn-users mailing list