Re: [OATH-Toolkit-help] Is this possible to setup our own token server?

[Hailu Meng]

First of all. Thanks Simon for this great tool! I love it.

It seems like VMView only support RSA SecurID and Smart Card authentication. It doesn't support Radius either.

I'm glad some body already succeeded in integrating radius and oath toolkit. That gave me the hope. The "su" application works great with oathtool. But when I tried radius --> PAM --> oath toolkit, I used radtest to test radius authentication. It never got there. But oath toolkit did update the users.oath file with time stamp and other things. I tried radius --> PAM --> LDAP and it worked fine. 

Is there debug I can turn on to see what's going on with oath toolkit? The debug I put in the pam_radiusd for oath didn't give any debug information.

Thanks SImon for the help.

On Sun, Jun 12, 2011 at 5:41 AM, Simon Josefsson <address@hidden> wrote:

Hailu Meng <address@hidden> writes:

> Hi All,
>
> I'm new to OATH and OATH toolkit. We are looking for some economic solution
> for token server. The RSA SecurID is kind of costly. We really don't need so
> many tokens. The number should be less than 200 in next 5 years. So could we
> install oath toolkit in linux server and use it with some oath compliant
> hardware token or software token? Our usage is primarily for protecting VPN,
> ssh and VMView.
>
> Do you guys think it's doable? I know scalability could be a issue, but we
> only have less than 200 tokens.

Hi!  It should definitely be possible to do.  I think some people are
already using pam_oath with SSH and Radius.  I don't know about VMView,
what kind of protocol does it use?  If there is support for some
authentication plugin, you should be set.

/Simon