|Applies To||RedHat 5.1|
Authentication Manager Web Agent for Apache 7.X and Authentication Manager Web Agent for Apache 5.3
Leveraging the bundled apache web server shipped with RH 5.1, Apache 2.2.3, or with 2.052 shipped with RH 4
|Issue||RH Apache Web Agent - error '103: Response to new PIN Request took too long' exception in new pin mode|
While ./acetest from the command line does change a new users pin correctly, when passing through Apache web page for securid login, the following exception is thrown:
103: Response to the New PIN Request took too long. Please try again.
A user that already has a functioning pin works
Response to new PIN Request took too long
The apache bundle 2.2.3 that comes with RH 5.1 is not supported. Per the installation guide for the 7.X agent, ref page 11:
The issue is caused by which compiling options were used when apache is compiled for rpm. If the rpm is compiled with worker and prefork, or worker alone, this issue will occur.
The documentation will be modified to state that prefork only can be used.
1) For 100% compatibility, you MUST use a supported version source be downloaded DIRECTLY FROM apache.org. RSA cannot guarentee every pre-made rpm available for download on the internet contains an unmodified source tree, or is compiled in a standard fashion. Compiling apache is very simple and very well documented from apache. The compile procedure has been the same since 1.3 apache.
3) To use the latest current supported version for the 7.X agent, pick up httpd-2.2.6.tar.gz
You MUST use prefork when compiling, do not use worker.
as well, in the /etc/hosts file, you must insure that what returns from the hostname command matches an entry in /etc/hosts that contains the ip, short hostname and fqdn, for example:
[root@badgirl ~]# hostname
|Notes||* The startup script in /etc/init.d for apache, httpd, should be modified to point to the new httpd executable and the the directory used in the prefix variable during compile to insure startup occurs seamlessly at boot time.|
Where RSA states:
"Apache versions mentioned here refer to distributions available on www.apache.org. Pre-packaged Apache modules available from other sources or vendors can result in incorrect behavior or missing functionality in the RSA Agent."
add case and contact info to AAAPC-409
|Legacy Article ID||a51558|