
How do you configure RSA SecurID authentication on Solaris 10?

asked Dec 27 '10 at 18:10


SSH KB ♦


RSA SecurID Submethod

RSA SecurID is a widely-used two-factor authentication method based on the use of SecurID Authenticator tokens. In SSH Tectia, support for RSA SecurID is enabled as a submethod of keyboard-interactive authentication.

The prerequisite for enabling SecurID support in SSH Tectia Server is that RSA Authentication Agent software (previously RSA ACE/Agent) is installed on the server host. When RSA SecurID is used, SSH Tectia Server queries the user for the token's numerical code and passes the code to RSA Authentication Agent for verification. RSA Authentication Agent then returns the success or failure of the authentication to SSH Tectia Server.

RSA SecurID authentication provides two different authentication agents:

  • RSA Authentication Agent for PAM (versions 5.3.4 and 6.0.0)
  • RSA Authentication Agent for UNIX (version 5.2)

The SSH Tectia Server configuration needs different settings depending on which RSA Authentication Agent is used.

To use SecurID authentication, you should be familiar with the operation of RSA Authentication Manager (previously RSA ACE/Server).

Configuring RSA Authentication Agent for Unix

For the SecurID authentication to work with SSH Tectia Server on Unix, the RSA Authentication Agent libaceclnt.so library has to be available in the /usr/lib directory (alternatively /user/ace/lib or /opt/ace/lib).

The following example shows the settings required in the ssh-server-config.xml file for keyboard-interactive authentication using the SecurID submethod:

...

Giving the dll-path attribute is not required. SSH Tectia Server locates the libraries automatically.

Configuring RSA Authentication Agent for PAM

When you want to use keyboard-interactive authentication using the RSA Authentication Agent for PAM, make the following settings in the ssh-server-config.xml file:

...

In addition, create a symlink for libpam as follows:

ln -s /lib/libpam.so.1 /lib/libpam.so

Note that if any patches have been applied to PAM, the number on the end of that first filename may increment.

Add the following lines to the /etc/pam.conf file:

ssh-server-g3 auth required /usr/lib/security/pam_securid.so
ssh-server-g3 account required /usr/lib/security/pam_unix_account.so.1
ssh-server-g3 session required /usr/lib/security/pam_unix_session.so.1


answered Dec 27 '10 at 20:03


renaes
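A check for the PAM steps in the answer above, as an added example that is not part of the original answer or of SSH Tectia: it confirms that /lib/libpam.so resolves and that pam.conf has auth, account and session entries for ssh-server-g3 whose module files exist. The function name check_pam_service and its optional service and root-prefix arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answer): check the PAM steps before
# restarting the server. Usage: check_pam_service /etc/pam.conf
# Arguments 2 and 3 (service name, root prefix for testing) are optional.
check_pam_service() {
    conf=$1; svc=${2:-ssh-server-g3}; root=${3:-}
    rc=0
    # Symlink step: -e follows the link, so a dangling link (for example after
    # a PAM patch changed the versioned file name) is reported here.
    if [ ! -e "$root/lib/libpam.so" ]; then
        echo "MISSING: /lib/libpam.so does not resolve to a file"
        rc=1
    fi
    for type in auth account session; do
        # pam.conf fields: service  type  control-flag  module-path  [options]
        entry=$(awk -v s="$svc" -v t="$type" \
            '$1 == s && $2 == t { print $3, $4; exit }' "$conf")
        if [ -z "$entry" ]; then
            echo "MISSING: no $type entry for $svc"
            rc=1
            continue
        fi
        control=${entry%% *}
        module=${entry#* }
        if [ "$control" != "required" ]; then
            echo "WARN: $svc $type uses '$control', the answer uses 'required'"
        fi
        # A pasted line with two entries run together shows up as a bad path.
        if [ ! -f "$root$module" ]; then
            echo "MISSING: $svc $type module not found: $module"
            rc=1
        fi
    done
    # The auth entry must load the SecurID module.
    if ! awk -v s="$svc" '$1 == s && $2 == "auth" &&
            $4 ~ /\/pam_securid\.so(\.[0-9]+)?$/ { ok = 1 }
            END { exit !ok }' "$conf"; then
        echo "MISSING: $svc auth does not reference pam_securid.so"
        rc=1
    fi
    return $rc
}
```

A non-zero exit status means at least one of the steps is incomplete; the printed lines name which one.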

Last updated: Mar 08 '11 at 00:22

All user contributed content licensed under the cc-by-sa license.