On Aug 31, 2010, at 10:42 AM, Shawn A. Geddis wrote:
On Aug 30, 2010, at 12:36 PM, Ben Greisler wrote:
Hello folks,
I have worked with CryptoCard and NTT's plugins for OS X Login window, but I can't seem to find anything for RSA. Is there anything out there that I am just missing?
Ultimate goal is biometric linked logins for OS X. There is an RSA back end in place and they have biometric tokens already. We just need that one piece.
Shawn, thanks for the input. Notes below:
Ben,
it is not entirely clear which authentication solution you are leaning towards or are required to use, so here are a few options.
I am in a situation where the end user has a solution in place for the Windows clients and we are trying to shoehorn in something for the OS X clients. Never a situation that works out well.
If you are strictly referring to OTP Authentication (ie. RSA SecurID) for Login then the CRYPTOCard Solution is the only one available.RSA never stepped up to the plate to provide an AuthPlugin for their tokens. CRYPTOCard did and even provide built-in services to migrate your RSA SecurID Tokens over to their Server Mgmt for full end-to-end OTP Authentication/Login.
I have worked with CryptoCard before, but getting the client to switch to it is not on the table. NTT had a product we used with good success in Japan, but I am not sure it was ever available on the open market.
If you are referring to Biometric Authentication/Login, the best solution is from UPEK - "Eikon" [1] which supports 10.4/10.5/10.6.
A nice product but it has no central management. We tested it and without any kind of central management, it unfortunately is low on the list of possibilities.
If you are referring to Smart Card based solutions, then you can see a *partial* list at the bottom of the "Tokend" page on our Smart Card Services Project page at
MacOSForge.org [2].
I had just tossed that out in case there was something out there that the list may have been familiar with that I wasn't. That said, the SC capabilities of OS X give us some possibilities and may end up being the route we go down. I am actually surprised that the client doesn't already use them.
Reviewing the above will hopefully help you in understanding your options and then you can run with your solution of choice or requirement.
- Shawn
Since the original posting I have been in touch with RSA and they support the "not on any road map" view of an OS X login product. That is what I figured, but I have it in writing now.