Todd R. Zimmerman" <snd1trz @
mil> and Alastair Young
com> published apparently well-justified complaints
about SDI's flagging Customer Support. For what it's worth, I understand
SDI just had a major upheaval in their CS department. They have brought in
a new director and plan to staff up considerably.
That's no excuse, of course, but hopefully things are about to
And yes, half the company _does_ seems to be at InterOp. They're
introducing both a 28.8 (PCMCIA) Motorola modem with a built-in SecurID
token, and their new token-emulation software package, "SoftID," this week.
Mr. Young may have answered Mr. Zimmerman's question about where to
find the ACE/Client in the TIS Gauntlet firewall:
>>The Gauntlet/fwtk tn-gw telnet gateway authenticates to the TIS authentication
>>daemon (authsrv in the fwtk). This daemon has the Security Dynamics
>>in it. When you set a users authentication type to "S" it does SecurID
I think TIS ported SDI's ACE/Client code into the Gauntlet package
last year; prior to that they had callouts to the APIs in ACE/Clients and
ACE ACMs. Set-up procedures for registering an ACE/Client with the
ACE/Server should be covered in SDI's ACE/Server docs, but for info on how
to enable Gauntlet to channel authentication calls through the ACE/Server,
you might check with the savvy folk at TIS.
(Mail to <tis @
com> should get through to TIS Support, if one of
the TIS Gauntlet mavens on Firewalls-L doesn't answer you directly first.)
The FWTK link is a more tenuous. The first versions of MR's neat
Firewall Tool Kit (FWTK) did have a call to the appropriate APIs in an ACE
access control module. However, as SDI evolved its product (and
particularly after SDI developed their client/server version of ACE in
'91,) there was no effort to upgrade the FWTK to maintain the SecurID
option. (I've been told that some folks have jury-rigged the connection,
but I don't know who or how, or if the code is available.) I suppose
that's the difference between shareware like the FWTK and commercial
software like Gauntlet.
(Does SOS's Freeware firewall kit have callouts to the APIs on an
ACE/Server or the ACM used by the other authentication token vendors? I
Mr. Young had his own unanswered question:
>>The question I am trying to get an answer from SD about is: where is the
>>command line interface you promised for administration functions. I asked the
>>guy at the SD booth at OSS96 in Orlando last month and was assured it would be
>>in the new 2.x server software. We just upgraded and I can't find hide nore
>>hair of the command line interface.
You were misinformed. Sorry.
SDI Engineering will eventually put in a command line interface for
administration in the ACE code -- and it probably will be a 2.X version of
the ACE/Server, rather than a 3.X -- but it doesn't exist now and there are
no plans to offer it in the immediate future.
I think SDI is still trying to get a grip on the array of
administrative options made possible by their new (v2.0) SQL-enabled RDBS.
Vin McLellan +The Privacy Guild+ <vin @
53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548