FollowToday I have setup an EMC RSA auth manager server for one of our development projects . As a part of this I had to setup multiple RSA client machines which are protected by RSA PAM agent . After googling I couldn’t find that much number of docs related to this ( except EMC doc , unfortunately a confusing one) .
1) Download the pam_agent module from the EMC site
http://singapore.emc.com/security/rsa-securid/rsa-authentication-agents/pam-7-1.htm
ftp://ftp.rsasecurity.com/pub/agents/PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar
2) # tar -xf PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar
3) # mkdir /var/ace
4) # cd PAM-Agent_v7.1.0.149.01_14_13_00_07_15
5) # ./install_pam.sh
6) copy the sdconf.rec file from the RSA authmgr server to “/var/ace ” of the rsa client
# scp /usr/local/RSASecurity/RSAAuthenticationManager/radius/sdconf.rec [email protected]:/var/ace/
7) create a file “sdopts.rec” with rsaclient ip address or localhost
# cat /var/ace/sdopts.rec
CLIENT_IP=127.0.0.1
8) Make the following changes in sshd_config of the rsaclient
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePrivilegeSeparation no
9) Disable system-auth and enable pam_secureid module in /etc/pam.d/ssh as follows
#auth include system-auth
auth required pam_securid.so
10) Restart ssh
Thats it !! 😉
Recent Comments