000032586 - How to replace the default prompt strings used in RSA SecurID authentication with customized strings for RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032586
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
IssueReplacing the default prompt strings used in RSA SecurID authentication with customized strings.
ResolutionRSA Authentication Manager 8.1 software comes as a virtual appliance (supported in a VMware environment or Microsoft Hyper-V environment) or a hardware appliance with its own SUSE Enterprise Linux operating system.
The securid.ini file lets administrators replace the default prompt strings used in RSA SecurID authentication with customized strings. Customized prompt strings are useful in situations where the default prompt strings are too long to display correctly. The install or home folder for RSA Authentication Manager 8.1 is /opt/rsa/am and the securid.ini file for RADIUS resides in the /opt/rsa/am/radius folder. Chapter 3 in the RSA Authentication Manager 8.1 RADIUS Reference Guide provides detailed information about the securid.ini file.
NOTE: Please ensure you make a copy of the securid.ini file before making any amendments as troubleshooting requires reverting back to the default securid.ini file.
Where there is more than one authentication manager instance in the deployment then the update will be required on all authentication manager instances (as the change does not get replicated from one authentication manager instance to another).
Modifying the securid.ini file is done with operating system access. SSH is enabled via the Operations Console; in the Operations Console > Administration > Operating System Access > enable SSH against the Interface eth0 > Save
The user account required to access the operating system is ‘rsaadmin’ and the password for this account was set during the deployment of the authentication manager instance by an administrator/operator.

RADIUS ini files can be modified via the Operations Console ; in the Operations Console > Deployment Configuration > RADIUS Servers > enter superadmin credentials > left-click Server Name and select Manager Server Files > left-click securid.ini and select Edit > make the required changes > Save & Restart RADIUS Server
NOTE: Using the Operations Console to make changes does not allow the administrator to make a copy of the file before performing a change. The administrator could copy the full file content and save the default settings in a new file before making the required changes.