
Securid-ppp

securid-ppp: a script for ppp SecurID login to corporate network via a modem

Motivation

The securid-ppp program establishes a ppp link via a modem to a network where authentication is based on the SecurID(tm) device. The SecurID(tm) device displays pseudo-random numbers that change every minute and are synchronized with a central controller, so chat is not a convenient solution: the dialing procedure might take longer than a minute. The idea is to have the password entered only when it is requested. For that purpose Jim Isaacson proposed an expect script, secure-card, which is included in the ppp distribution. securid-ppp extends it with more functionality based on the same philosophy: i) it is based on expectk to provide a graphical user interface, ii) it lets you select the phone number to dial from a list of phone numbers, each associated with a location, iii) it is configurable using a resource file.

Example of resource file

You can add your default numbers and secrets in your $HOME/.secureidppprc file as follows:

set phonelocations {{France "0102030405"} {USA "0504030201"} {Wonderland "0123456789"}}
set login "MyLogin"
set password "StartOfMyPasswd"
set modem /dev/modem
set speed 115200
set prefix ""
set dialstyle "DT"
set defaultlocation 0

Adjustable variables of resource file

The possible variables that can be set in the resource file are:

  • phonelocations: contains a list of lists, each composed of 2 elements: the location name and its phone number;
  • login: is your corporate login;
  • password: is the start of your password (your secret) to be completed by the random number generated on the SecurID card;
  • speed: is the speed of the DTE connecting to the modem; possible values are 115200, 57600, 38400, 14400, 19200, 9600 and 2400;
  • prefix: is the default prefix to dial out;
  • dialstyle: is the default dial style. DT and DP respectively indicate tone and pulse dialing;
  • defaultlocation: is the default index in the location list for the preferred dialing number;
  • prompt: contains the string to be expected before launching the ppp connection.
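
Because the resource file holds the static start of the passcode, it is worth checking before use. The script below is an added example, not part of securid-ppp: it verifies that the file is accessible to its owner only and that every line is a plain set statement for one of the variables listed above (plus modem, which appears in the example file). It assumes the file is evaluated as Tcl and that GNU stat is available; audit_rc and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of securid-ppp. Assumption: the resource file is
# evaluated as Tcl, so only plain "set NAME VALUE" lines are expected in it.
KNOWN="phonelocations login password modem speed prefix dialstyle defaultlocation prompt"
SPEEDS="115200 57600 38400 14400 19200 9600 2400"

# audit_rc FILE: print one finding per line; return 0 if clean, 1 otherwise.
audit_rc() {
    rc=$1; bad=0; n=0
    [ -f "$rc" ] || { echo "missing: $rc"; return 1; }
    # The file stores the static start of the passcode: owner-only access.
    mode=$(stat -c '%a' "$rc")    # GNU stat (Linux)
    case $mode in
        *00|0) ;;
        *) echo "mode $mode: accessible by group/other, use chmod 600"; bad=1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f    # split into words without globbing
        [ $# -eq 0 ] && continue
        case $1 in '#'*) continue ;; esac
        if [ "$1" != set ] || [ $# -lt 3 ]; then
            echo "line $n: not a 'set NAME VALUE' statement"; bad=1; continue
        fi
        case " $KNOWN " in
            *" $2 "*) ;;
            *) echo "line $n: undocumented variable '$2'"; bad=1 ;;
        esac
        case $line in *'['*) echo "line $n: '[' would run a Tcl command"; bad=1 ;; esac
        val=$(printf '%s' "$3" | tr -d '"')
        case $2 in
            speed) case " $SPEEDS " in *" $val "*) ;; *)
                       echo "line $n: unsupported speed '$val'"; bad=1 ;; esac ;;
            dialstyle) case $val in DT|DP) ;; *)
                       echo "line $n: dialstyle must be DT or DP"; bad=1 ;; esac ;;
        esac
    done < "$rc"
    return $bad
}

# Constructed sample file with three problems: loose mode, bad speed, stray command.
demo=$(mktemp)
printf '%s\n' 'set login "MyLogin"' 'set password "StartOfMyPasswd"' \
    'set speed 28800' 'puts "unexpected"' > "$demo"
chmod 644 "$demo"
audit_rc "$demo" || echo "resource file needs attention"
rm -f "$demo"
```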

Additional remarks

This script assumes that the modem device is /dev/modem. With devfs, add a file named modem to the /etc/devfs/conf.d directory containing the following lines:

REGISTER ^ttySLT0$ CFUNCTION GLOBAL symlink $devname modem
UNREGISTER ^ttySLT0$ CFUNCTION GLOBAL unlink modem

where ttySLT0 is to be replaced by your real modem device. On Debian distributions it is also convenient to add the user who will invoke the script to set up the link to the following groups:

adduser your_user_id dialout
adduser your_user_id dip

Shortcuts

Some shortcuts are defined; they are active at any time in the main window:

  • ^h: launches the help box;
  • ^a: brings the about box;
  • ^q: quits;
  • ^k: kills pppd;
  • ^r: resets the modem.
