I recently tackled something similar to this. I'm also interested to
hear what security folks in general think of my idea.
I put up a certificate server, created our own CA as a corporate
intranet, set up a secure server, and then a web server outside the
firewall. We have dial-up access using Radius - UNIX system
authentication for mere PPP connections, or ActivCard DES key
authentication for full NT domain access. I installed the Telnet
module, written for Perl, on the secure web server.
The user, on a secure link, enters his/her userid and password in the
secure web form, which then calls a Perl script to actually telnet to an
internal UNIX box used for authentication. The Telnet module logs the
user in with the user id and password given in the form, and then can
execute a suid program which will change the user's password if desired -
it also removes the admin flag for AIX so the user won't have to change
their password when logging in the next time. The very same UNIX box is
being used for Radius authentication for those users not requiring full
NT domain access.
This way, remote access users can actually change their own Radius login
passwords. We have some active server stuff set up for the NT domain
password as well.
It would be very simple to just verify that the user id and password
were correct, but I'm fairly interested to hear how other security
professionals look at this solution.
New Edge Tech.
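For readers who want to see the shape of the form-to-telnet step described above, here is an added illustration (not the poster's script) of a CGI handler using Net::Telnet: it validates the untrusted form fields before they ever reach a shell or a telnet session, fails closed when the login is rejected, and only then drives the password-change helper. The host name, the helper path and its prompts are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the original poster's code. Host, helper path and
# the helper's prompts are assumptions for illustration.
use strict;
use warnings;
use CGI;
use Net::Telnet;

my $AUTH_HOST = 'auth.internal.example';   # assumed internal UNIX box
my $CHPW      = '/usr/local/sbin/chpw';    # assumed setuid helper

my $q    = CGI->new;
my $user = $q->param('userid')   // '';
my $old  = $q->param('password') // '';
my $new  = $q->param('newpass')  // '';

# Form fields are untrusted even over TLS: accept only a plain login name,
# and never let CR/LF into a password, since the telnet session would treat
# it as the end of a line and run the rest as a command.
die "bad userid\n"   unless $user =~ /\A[a-z][a-z0-9_]{0,7}\z/;
die "bad password\n" if $old eq '' || $new eq ''
                     || $old =~ /[\r\n]/ || $new =~ /[\r\n]/;

my $t = Net::Telnet->new(Timeout => 15,
                         Prompt  => '/[\$%#>] $/',
                         Errmode => 'return');
$t->open($AUTH_HOST) or die "cannot reach auth host\n";

# login() fails closed: a rejected password means no further action.
$t->login($user, $old) or die "authentication failed\n";

# Run the helper and answer its prompts; the password is typed at the
# helper's prompt, not placed on a command line where it would be visible.
$t->print($CHPW);
my (undef, $m1) = $t->waitfor('/New password: ?$/i');
die "helper did not prompt\n" unless defined $m1;
$t->print($new);
my (undef, $m2) = $t->waitfor('/Re-enter new password: ?$/i');
die "helper did not confirm\n" unless defined $m2;
$t->print($new);
my ($out, $m3) = $t->waitfor($t->prompt);
$t->close;

print $q->header('text/plain');
print((defined $m3 && $out =~ /password changed/i)
      ? "Password changed.\n" : "Password not changed.\n");
```

Because the script holds the user's cleartext password and a telnet session to the authentication host, it belongs behind the same controls as the secure server itself, and the telnet leg should stay on the internal network only.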
> Hi all:
> I am looking for a tool to authenticate the clients over several WEB
> servers in a centralized way. The problem is that all the tools that I
> found need software installed in the WEB servers (Security
> RAPTOR Axcess, etc...) and in most cases in the client too.
> Does anybody know a product that doesn't need software in either the
> server or the client? That is, one that works using X.509
> or similar.
> Thanks and best regards
> Manuel Gil
> GE Capital IT Solutions , S.L.
> System Engineering
> Edif. Torre Serrano
> C./ Serrano 47, Madrid 28001, Spain
> Phone: +34 1 4368839/00, Fax: +34 1 5769883, Mobile: 909 457616
> Internet: Manuel .