|Resolution||If you are not challenged for your Authentication Manager user ID after installing RSA Authentication Agent for Web on a Unix platform, and if you see this error in the web browser, then it is likely that the web server cannot access the files in the /var/ace (or $VAR_ACE, if defined) directory.|
- Before trying to solve the issue, make sure you know under what user ID the web server is running. For example, the Sun Java Web Server 6.x runs by default as "webservd".
- To establish communication with the Authentication Manager server, the web server must be able to read the sdconf.rec and securid files, located in /var/ace. Write permission should be granted on sdstatus.12. Set the permissions accordingly.
- Also, make sure the permissions on the /var/ace directory itself are correct. If the permissions are too restrictive (e. g., readable by root only), then there is a good chance you'll continue to experience the problem even after fixing the permissions on the files. The following example shows file permissions and ownership on a working Sun Java Web Server:
[root@fatboy:/var/ace] ls -al
drwxr-xr-x 2 root other 512 Apr 28 13:19 .
drwxr-xr-x 36 root sys 1024 Apr 28 13:14 ..
-rw-r?-r-- 1 root other 1024 Apr 28 11:56 sdconf.rec
-rw-r--r-- 1 root other 25 Apr 26 08:50 sdopts.rec
-rw-r--r-- 1 webservd webservd 2418 Apr 28 12:48 sdstatus.12
-r-------- 1 webservd webservd 512 Apr 28 12:38 securid
- If the authentication agent's debugging is enabled, you'll see the following errors:
File:newsd_api.c Line:31 # Entering SD_Init()
File:acexport.c Line:108 # Entering AceInit()
File:acinit.c Line:93 # Entering AceInitializeEx()
File:acinit.c Line:102 # AceInitializeEx: RSA ACE/Agent Version 5.3 
File:acinit.c Line:125 # AceInitializeEx: Failed to read configuration record
File:acexport.c Line:114 # Leaving AceInit() return: 201
File:newsd_api.c Line:38 # Leaving SD_Init() (not in processing) return: 201
- You can enable the authentication agent's debugging by setting the following environment variables:
export RSATRACELEVEL RSATRACEDEST
- Once debug is enabled, be sure to restart the web server.