How to setup RSA SecurID Authentication Agent for PAM in ten steps ?

How to Setup RSA SecurID Authentication Agent for PAM on Linux ?

March 20, 2013 Author: Admin

Today I have setup an EMC RSA auth manager server for one of our development projects . As a part of this I had to setup multiple RSA client machines which are protected by RSA PAM agent . After googling I couldn’t find that much number of docs related to this ( except EMC doc , unfortunately a confusing one) .

1) Download the pam_agent module from the EMC site

http://singapore.emc.com/security/rsa-securid/rsa-authentication-agents/pam-7-1.htm

ftp://ftp.rsasecurity.com/pub/agents/PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar

2) # tar -xf PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar

3) # mkdir /var/ace

4) # cd PAM-Agent_v7.1.0.149.01_14_13_00_07_15

5) # ./install_pam.sh

6) copy the sdconf.rec file from the RSA authmgr server to “/var/ace ” of the rsa client

# scp /usr/local/RSASecurity/RSAAuthenticationManager/radius/sdconf.rec [email protected]:/var/ace/

7) create a file “sdopts.rec” with rsaclient ip address or localhost

# cat /var/ace/sdopts.rec

CLIENT_IP=127.0.0.1

8) Make the following changes in sshd_config of the rsaclient

UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePrivilegeSeparation no

9) Disable system-auth and enable pam_secureid module in /etc/pam.d/ssh as follows

#auth include system-auth
auth required pam_securid.so

10) Restart ssh

Thats it !! 😉

Pingback: read more()
j

I’m trying to set this up but seem to be having problems. I want PAM to take care of the RSA stuff but I also want to log into the server this is on with a local account…..Your instructions are FAR better than the crap I got with the PAM module but I’m still missing something.
vladguan

Hi, Your instructions are very useful. However, I am having an issue where the secure logs on a test RHEL 5.4 says “Access denied. API returned: 751”. Followed by “error: PAM: Authentication failure for from “.
I am trying to SSH into the test RHEL 5.4 from my Windows Host PC via Putty and I think it is trying to authenticate the user with the PC rather than the RSA Manager. In fact, the monitor on the SC does not even pick it up.
If I SSH as root to the test RHEL from my Windows PC first and then try SSH into it again as the test user, it also fails but this time, it says the failed authentication is with the test RHEL machine from with I SSHed.
Am I missing something?
Cheers,
Vlad
Phanindra

Hi Admin/All,
Thank you for the information. However, I would like to know in more details as I am in the learning stage.
I have a RSAclient and server (where AM 8.1 is configured). Now can you please let me know what are the steps that I need to perform at the client machine and at the server.
For the above I am confused where (client or server) to perform the above steps.
Please help me.

Thanks,
Phanindra

Subscribe Adminlogs

Most Read Posts

Random Posts

Recent Comments