Re: Linux Pulse Secure Client + SafeNet eToken?

lebedov · ‎12-05-2017

I'm using a SafeNet USB eToken (5110) to access a Junos VPN. On Windows 7, connecting to the VPN's gateway via Pulse Secure triggers the SafeNet Authentication Client to request my PIN for the token. Is there a way to configure the Linux Pulse Secure Client to use the token? I'm using version 5.3R3 of the client software on Ubuntu 16.04.03.

lebedov · ‎12-07-2017

According to the last page of the PulseSecure 5.3r3 quickstart guide, "client certificate authentication through smart cards is not supported." This seems to imply that tokens cannot currently be used either.

zanyterp · ‎12-18-2017

You should be able to use the token; however, it will need to be manually generated as indicated/guessed at by @lebedov
Is this something that is allowed by the SafeNet eToken?

lebedov · ‎12-18-2017

@zanyterp, one can manually set the password on the credential stored on the token, but I'm not sure how I implied that manual generation of the credential would enable the Linux Pulse Secure client to use it. Why would manual generation make a difference? In any event, the client doesn't seem to know how to access the credential on the token (or if it does, I can't find any information on how to configure it to do so). I did see some info in the Pulse Secure client documentation on using certs that are stored in files, but one obviously can't do that with a hardware token by design. Am I overlooking something?

zanyterp · ‎12-18-2017

No, I apologize for misunderstanding/reading too much into your note. I thought it was a token similar to RSA that was generated and pasted in as a password not an ephemeral item closer to a certificate.
Apologies