Great Circle Associates Firewalls
(March 1993)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Appletalk through firewalls.
From: btk @ matrix . cray . com (Bryan Koch)
Date: Tue, 2 Mar 93 11:34:48 CST
To: lkn @ llnl . gov (Leland K. Neely)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9303021726 . AA11769 @ cray . com>; from "Leland K. Neely" at Mar 2, 93 9:25 am

> Bryan Koch writes:
> > 
> > ARA, the Gatorlink, and Security Dynamics' ACE/Server team up to collectively 
> > prompt for and validate a login ID, a PIN (a password by another name), and
> > the SecurID PRN (pseudo-random number).  To generate the PRN in software
> > would require knowledge of the seed value programmed into the card, the
> > algorithm, and the time.   Of these only the third is generally available.
> > 
> Huh? This makes sense----- 
> BUT I am confused.  When Caymon showed the secure id stuff to me, they did NOT
> enter a username or password, ONLY a secure id.  (Hence my concern)
> I can take 2 of my three requirements, but not one of 3.  

There are two versions of the SecurID card.  The less expensive one
simply displays numbers.  PINs (passwords) are sent along with the
displayed information to authenticate the user.  The more expensive
cards have a 10-digit "pin pad" on them.  The user enters their
PIN on the card, and the card then displays a numerically-integrated
PIN/PRN value.  The advantage of the later of these is that the user's
PIN (password) is never sent on the network in clear form.  It is, however,
still a part of the authentication process.

> As ARA is SO SIMPLE to configure on ANY mac, I want to be able to provide a
> secure centralized access point, so the users DON'T setup their OWN access
> points..... (a political {or people} battle at times :-)

I agree.  One of the shortcomings of the current ARA offerings is that they
all support a small number of lines (the Gatorlink supports only three).
Centralized security, via SecurID or some other query protocol, greatly
simplifies security setup.


Indexed By Date Previous: Re: Appletalk through firewalls.
From: Leland K. Neely <lkn @ llnl . gov>
Next: Re: Appletalk through firewalls.
From: davidl @ Newbridge . COM (David Law)
Indexed By Thread Previous: Re: Appletalk through firewalls.
From: Mark Verber <verber @ parc . xerox . com>
Next: Re: Appletalk through firewalls.
From: davidl @ Newbridge . COM (David Law)

Search Internet Search