|Applies To||RSA Authentication Agent 5.3.4 for PAM|
RSA Authentication Agent 5.0 for PAM
IBM AIX 5.3
|Issue||Error: "Node verification failed" in activity monitor when trying to authenticate|
RSA Authentication Agent for PAM does not work after upgrading operating system from IBM AIX 5.1 to 5.3
|Cause||Operating System has been upgraded from AIX 5.1 to AIX 5.3|
RSA Authentication Agent for PAM has to be upgraded to 5.3.4 in order to work on AIX 5.3 but the location of node secret is not same.
RSA Authentication Agent for PAM authentication is enabled in etc/security/users file in AIX 5.1. In AIX 5.3, a different file has to be modified to enable PAM authentication.
|Resolution||1. Please note the location of securid file on the IBM AIX machine after upgrading the Agent. Copy the securid file to the /var/ace/ directory. Alternatively, set the variable VAR_ACE pointing to the location of securid file ( example export VAR_ACE=/opt/ace/data).|
2. Try the authentication with /pam/bin/acetest. If you still notice "node verification failure" on the log monitor do the following:
a. Delete the securid file on AIX machine
b. Edit the Agent host on Auth. manager and clear the node secret for the AIX machine in question
c. Try the authentication again using/pam/bin/acetest
3. Edit etc/security/login.cfg file - comment the line as follows:
Enable RSA Authentication Agent for PAM add the below line:
4. Edit the /etc/pam.conf file and enable telnet, or log in as described on page 14 of the RSA Authentication Agent 5.3.4 for PAM Installation and Configuration Guide for challenging users in a group.
|Legacy Article ID||a30913|