000022705 - RSA Authentication Agent 5.3.4 for PAM still challenges user even though the user is in an EXCLUDE group

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022705
Applies ToRSA Authentication Agent 5.3.4 for PAM
Sun Solaris
Secure Shell Software (SSH)
IssueRSA Authentication Agent 5.3.4 for PAM still challenges user even though the user is in an EXCLUDE group
RSA SecurID user still sees "Passcode" prompt even though they are in an EXCLUDE group. Configured Group support section of sd_pam.conf. Configuration is:

ENABLE_GROUP_SUPPORT=1

INCL_EXCL_GROUPS=0 (to never prompt this group)

LIST_OF_GROUPS=redsox
CauseThe group is not the RSA SecurID users' "primary" group (which can be displayed with the "id" command)
ResolutionTo correct this issue, change the user's primary group to be "redsox" in the example above in the /etc/passwd file.
Legacy Article IDa29929

Attachments

    Outcomes