|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for PAM
|Issue||The RSA Authentication Agent for PAM is failing to save the node secret file, called securid in /var/ace.|
|Resolution||The RSA Authentication Agent for PAM saves configuration files in /var/ace by default. Directory permissions may need to be altered to allow the node secret file, named securid, to be saved after the first authentication. The first authentication to the Authentication Manager primary instance will create a node secret, store a copy of the node secret in the authentication agent record in the Security Console and send a copy of the node secret to the RSA Authentication Agent for PAM. The real-time authentication activity monitor will show a node secret being sent to an authentication agent.|
Where perhaps a firewall or the Security-Enhanced Linux (SELinux) is stopping the storage of the node secret, an administrator could use the Node Secret Utility (agent_nsload), to manually provide the node secret to the RSA Authentication Agent for PAM. The agent_nsload is provided in the Authentication Manager 8.x Extras zip file. See 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link for steps to download the file.
Start the real-time authentication activity monitor to troubleshoot any failing authentications
A secure FTP client can be used to copy files to the SecurID Appliance running RSA Authentication Manager 8.x software where ssh is enabled in the Operation Console > Administration > Operating System Access > SSH Settings. Check Interface eth0 > Save