How to use RSA Securid with Openvpn?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
narzard
OpenVpn Newbie
Posts: 1
Joined: Thu Mar 10, 2016 10:05 pm

How to use RSA Securid with Openvpn?

Post by narzard » Thu Mar 10, 2016 10:08 pm

I have my access server running on ubuntu server, but, cannot figure out how to get integrate securid tokens with it. There is hardly any info on it other than saying the PAM module should be able to work somehow. I was more looking for a guide.

Thanks fam

mr7779311
OpenVpn Newbie
Posts: 1
Joined: Tue Jan 18, 2022 7:15 pm

Re: How to use RSA Securid with Openvpn?

Post by mr7779311 » Tue Jan 18, 2022 7:17 pm

I have the same issue. My users use RSA Secureid one-time passwords or 2FA. I would like to use LDAP for primary authentication and then use RSA Secureid one-time passwords for 2FA. But I cannot find any documentation on this process.

chilinux
OpenVPN Power User
Posts: 154
Joined: Thu Mar 28, 2013 8:31 am

Re: How to use RSA Securid with Openvpn?

Post by chilinux » Tue Jan 18, 2022 9:35 pm

I am surprised anyone still uses SecurID after 2011.

This document explains how to disable primary authentication and supply your own python script for authentication instead:
https://openvpn.net/vpn-server-resource ... -examples/

You can have the user type both the password and SecurID code in the same password prompt. Then have your own python script use everything except the last 6 characters to authenticate against LDAP. The last remaining 6 characters you can then code to authenticate against SecurID.

This is going to be a great deal of effort to get working correctly.

I would instead recommend taking advantage of the Google Authenticator support that already exists in OpenVPN AS. This works with any TOTP (RFC6238) application. I have not found anything that indicates that SecurID soft tokens are any more secure than TOTP compliant authenticators. Also, the events of 2011 indicated to me that the SecurID hard tokens aren't worth the price.

Information on how to set OpenVPN AS to use Google Authenticator MFA support is available here:
https://openvpn.net/vpn-server-resource ... ntication/

Post Reply