000019295 - 6.0 PAM Agent ignores CLIENT_IP address override statement in sdopts.rec

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019295
Applies ToPAM agent 6.0
Solaris
Issue6.0 PAM Agent ignores CLIENT_IP address override statement in sdopts.rec
passcode incorrect

XR ACCESS DENIED, bad passcode


This problem occurs both with the pam module and using acetest
The 5.3.4 PAM agent works fine. Problem is only with the 6.0 PAM agent
This problem may occur whenever you are trying to establish a node secret, and you have multiple IP addresses on the agent machine.  Normally this is handled by the "CLIENT_IP=x.x.x.x" statement in sdopts.rec file. This problem may also occur when doing cross-realm authentication which always uses on sdopts.rec, even when a node secret is established.
Resolution

This problem is fixed with hotfix ID72665. Please contact Customer Support to obtain this hotfix.

NOTE: As of July, 2008 this issue is fixed in the latest PAM 6.0 agent, build 095. However there is stiil an issue with the "acetest" utility not respecting CLIENT_IP setting in sdopts.rec.  This issue is in the Known Issues of the 6.0 release notes (Tracking Number: 108319)

Legacy Article IDa39127

Attachments

    Outcomes