Re: Challenge card w/ PM?

Per Hedeland (per@erix.ericsson.se)
Mon, 16 Oct 1995 02:37:26 +0100 (MET)

>What brand of challenge (or just one-time-password-generator) card
>works with the PM? And how does one go about getting this thru?
>
>Any feedback on current users?

Well, if you don't require the challenge (and I'd say you'd have to be
rather paranoid to do that, as long as you have a PIN-code activated
card), there are several options, I think.

I'm currently using the Enigma Logic cards/software - as others have
mentioned, they provide a RADIUS server, but I wasn't very happy with it
(among other things it is based on a very old version - 1.12 - of
Livingston's code) - and instead modified the 1.16 version that I got
with the PortMaster. The full extent of that mod is below, a total of 6
"real" lines of code (I also wrote the trivial 'safeword_pass' function
to interface to Enigma's code).

I'm not familiar with the Security Dynamics products, but from support
for them that I've seen in another piece of code (ssh, the "secure
shell"), it appears that doing a similar thing with their API should be
at least as straightforward (still omitting challenge support, that is).

--Per Hedeland
per@erix.ericsson.se

*** radiusd.c.ORIG Thu Mar 16 22:55:00 1995
--- radiusd.c Fri Mar 17 00:11:41 1995
***************
*** 1034,1039 ****
--- 1034,1052 ----
result = -1;
user_msg = (char *)NULL;
}
+ }
+ /* SAFEWORD added by Ellemtel / Per H */
+ /* Since we want something that absolutely
+ cannot be a password (in case the "wrong"
+ radiusd gets run), we put a DEL character
+ at the end in the users file */
+ else if(strcmp(check_item->strvalue,
+ "SAFEWORD\177") == 0) {
+ if(safeword_pass(namepair->strvalue,
+ string) != 0) {
+ result = -1;
+ user_msg = (char *) NULL;
+ }
}
else if(strcmp(check_item->strvalue,
string) != 0) {
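
Review bot: The new `else if` that tests `strcmp(check_item->strvalue, "SAFEWORD\177")` relies on a DEL byte never arriving in `string`, and nothing in this hunk enforces that. The comment's own fallback case (the "wrong" radiusd being run) ends in the following `strcmp(check_item->strvalue, string)` branch, where the sentinel is compared like any ordinary password, so the guarantee is only as strong as whatever filters 0x7f before the request reaches the server. I would state that assumption in the comment and move the literal into a named `#define`, so the users-file value and the code cannot drift apart. It would also help to log when `safeword_pass` returns nonzero: a backend error and a rejected passcode are indistinguishable here, since both set `result = -1` with a NULL `user_msg`.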