000016848 - RSA support for Authentication Manager and/or RSA Authentication Agents installed on CentOS since it is just like Red Hat

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000016848
Applies ToRSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager, Authentication Agents
RSA Version/Condition:  All
IssueCustomers may call for support on one or more of the following:
  • Installation of Authentication Manager 6.1, 7.1, or 8.x on CentOS.
  • Installation of Authentication Agents on CentOS.
  • Authentication Manager 6.1, 7.1, 8.x or any RSA Authentication Agent installed on CentOS does not work correctly.

CentOS is an open source Red Hat-based Linux platform. Since it is largely based on Red Hat, customers may insist that it is Red Hat and will request support for Authentication Manager, Authentication Agents or other RSA software they are trying to use on CentOS.


RSA does not support any Authentication Manager or Authentication Agent products running on CentOS.  The risks to a customer who uses RSA two-factor authentication on CentOS are major.
Be advised,


  • There will be no vendor support if things go wrong;
  • There will be no vendor support if a security incident presents itself and an investigation occurs;
  • There will be no vendor support if forensics are involved; and
  • There is no vendor support for installation, troubleshooting or testing.
 
ResolutionA customer who insists they need to use CentOS with Authentication Manager and/or RSA Authentication Agent(s) must contact Professional Services to determine if PS can design a one-off solution that can be certified.  Alternatively, the customer can contact their RSA sales representative and/or Product Management regarding open RFE AM-13041 to qualify CentOS as a supported install platform.  This would be the proper direction to go when pushing for RSA to adopt a new operating system or special feature for limited use or limited customers.
Do not under any circumstances place RSA software that is not certified to operate on CentOS in a production environment.  A customer who installs RSA software on an unsupported operating system could become open to grave legal ramifications should a security incident occur or should the software not operate as it would on a supported Red Hat system.
The CentOS website has published a FAQ that outlines how CentOS is not Red Hat:
  • CentOS conforms fully with the upstream vendors redistribution policies and aims to be 100% binary compatible. But is NOT 100% compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.)
  • CentOS is designed for people who need an enterprise class operating system without the cost or support of the prominent North American Enterprise Linux vendor.
  • Neither the CentOS Project (those who build CentOS) nor any version of CentOS is affiliated with, produced by, or supported by the prominent North American Enterprise Linux vendor.
  • Neither does our software contain the upstream vendor's product ... although it is built from the same open source SRPMS as the upstream enterprise products.
The FAQ also discusses what CentOS's relationship is with Red Hat, Inc. or Red Hat Enterprise Linux:

  • Red Hat curates the trademarks for CentOS and is providing initial guidance and expertise required in establishing the formal board structure used to govern the CentOS Project.
  • Some members on the CentOS Project Governing Board work for Red Hat, Inc.
  • CentOS Linux is NOT supported in any way by Red Hat, Inc.
  • CentOS Linux is NOT Red Hat® Linux, it is NOT Fedora Linux. It is NOT Red Hat Enterprise Linux. It is NOT RHEL. CentOS Linux does NOT contain Red Hat Linux, Fedora, or Red Hat Enterprise Linux.
  • CentOS is built from publicly available source code provided by Red Hat, Inc.
At this time, there are a limited number of third-party partner products, where the partner has certified their product running on CentOS will work properly with SecurID. In these instances, RSA will provide support for the SecurID integration of the partner product, but not for CentOS.
 
RSA does have open requests for enhancement (RFE) to support CentOS in certain implementations, but there is no information on when this will happen. In the event RSA provides support for Authentication Manager and/or RSA Authentication Agents on CentOS, a product advisory will be distributed to customers.
Legacy Article IDa43104

Attachments

    Outcomes