|Applies To||RSA SecurID agent for Linux (agent versions 5, 6 and 7)|
RHEL 4, 5 and 6, both 32-bit and 64-bit OS versions
|Issue||SecurID PAM Agent for Linux: How to stack a UNIX login prompt with a SecurID passcode prompt|
The documentation has limited references on how to correctly stack two modules for authentication via the PAM agent.
|Resolution||On Linux, the PAM configuration files are located in /etc/pam.d.|
The following sshd file prompts users who ssh to a UNIX machine first for a password, then for a two-factor SecurID authentication:
NOTE: If you are not receiving a PASSCODE prompt for the second authentication, check /etc/ssh/sshd_config and ensure the ChallengeResponseAuthentication parameter is set to yes, i.e.
If it is not set to yes, make the change and then restart ssh as root:
service sshd restart
The following remote file prompts users who telnet to a UNIX machine first for a password, then for a two-factor SecurID authentication:
|Notes||All PAM configuration files on RHEL are located in /etc/pam.d. Each protocol (sshd, telnet (known to PAM by its configuration file name, "remote"), rlogin, etc.) has its own file. This differs from Solaris, which uses a single file, /etc/pam.conf, for PAM configuration directives.|
As a best practice, always make a backup of a PAM configuration file before modifying it.
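The two checks described above (the ChallengeResponseAuthentication setting and the pre-change backup) can be scripted. This is an added example, not part of the original article or RSA's tooling; the function names `effective_cra` and `backup_pam_file` are hypothetical, and the demo input is constructed.

```shell
#!/bin/sh
# Added example (not RSA's code). Files passed in are the caller's choice.

# effective_cra FILE: print the value sshd would use for
# ChallengeResponseAuthentication in the global section: yes, no, or unset.
effective_cra() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace (re-splits fields)
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at the first Match block
        tolower($1) == "challengeresponseauthentication" {
            print tolower($2); found = 1; exit  # sshd keeps the first value it reads
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# backup_pam_file FILE: copy FILE to FILE.bak.<timestamp>, keeping mode and
# timestamps, and print the backup path. Refuses to overwrite an existing backup.
backup_pam_file() {
    dest="$1.bak.$(date +%Y%m%d%H%M%S)"
    [ -e "$dest" ] && { echo "backup already exists: $dest" >&2; return 1; }
    cp -p "$1" "$dest" && echo "$dest"
}

# Demo on constructed input (not a real host's configuration).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#ChallengeResponseAuthentication yes' \
        'ChallengeResponseAuthentication no' \
        'challengeresponseauthentication yes' > "$tmp/sshd_config"
    # The commented line is ignored and the first live entry wins.
    echo "effective value: $(effective_cra "$tmp/sshd_config")"
    printf 'constructed placeholder content\n' > "$tmp/sshd"
    echo "backup written to: $(backup_pam_file "$tmp/sshd")"
    rm -rf "$tmp"
}
demo
```

On a real host the functions would be called as `effective_cra /etc/ssh/sshd_config` and `backup_pam_file /etc/pam.d/sshd` (as root) before editing; a result of `no` matches the missing PASSCODE prompt described in the note above.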
|Legacy Article ID||a61027|