000021744 - How to enable UNIX passwords along with RSA SecurID using RSA ACE/Agent for PAM

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021744
Applies ToSun Solaris 2.8
Sun Solaris 2.9
IssueHow to enable UNIX passwords along with RSA SecurID using RSA ACE/Agent for PAM
Passcode prompt comes up normally, but is followed up by a password prompt (or, conversely, is not followed up by a password prompt)
CauseIn Solaris, the PAM configurations are within a file called pam.conf.  This file can be found in the /etc directory. An example of one of the configuration lines is for the protocol rlogin:

    rlogin     auth required     /usr/lib/security/$ISA/pam_unix.so.1   (this line is in the pam.conf by default...this is the UNIX password)

    rlogin     auth required     /usr/lib/security/$ISA?pam_securid.so  (this line must be added to enable SecurID...this is the Passcode prompt)

As listed above, an rlogin user would first be challenged by a UNIX password, then a SecurID prompt. You could switch the order in the pam.conf to allow SecurID to be prompted 1st, then the UNIX password.
ResolutionEnabling or disabling the UNIX password for a given protocol is accomplished by commenting out (#), or NOT commenting, the native UNIX challenge.
Legacy Article IDa24795