|Applies To||RSA Authentication Agent for PAM|
Sun Solaris 2.9
|Issue||PASSCODE authentication with OpenSSH 3.8.1p1 on Solaris|
The user is prompted for a password, not a PASSCODE.
|Cause||Changes in recent versions of OpenSSH cause an existing configuration that previously worked to fail under the newer code. This is not due to any bug or coding error; the older configuration options are simply not suitable for the newer version.|
|Resolution||There are two specific changes which should be made to allow the newer OpenSSH code to use SecurID as an available PAM module.|
1. Modify the sshd config file (usually /usr/local/etc/sshd_config) to have the following two parameters:
2. Ensure that the /etc/pam.conf file has the following line:
sshd auth required pam_securid.so
Since changes have been made to the sshd_config file, the SSH daemon should be restarted. Changes to pam.conf do not require a restart, and are always dynamic.
For more information, see the solution titled How to debug OpenSSH PAM with SecurID.
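A check for step 2, as an added example that is not part of the original article or of RSA's tooling: it parses a pam.conf-style file and reports whether the sshd auth entry for pam_securid.so is present. The function names, the exit-status convention and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not RSA or OpenSSH code). pam.conf fields:
#   service  module_type  control_flag  module_path  [options]

# check_pam_securid FILE   (hypothetical helper)
#   0: an "sshd auth required ... pam_securid.so" line is present
#   1: sshd has auth entries, but none of them is that line
#   2: no sshd auth entry at all (PAM then uses the "other" service entries)
check_pam_securid() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
        $1 == "sshd" && $2 == "auth" {
            seen = 1
            n = split($4, parts, "/")            # module may be written with a path
            if ($3 == "required" && parts[n] == "pam_securid.so") found = 1
        }
        END {
            if (found) exit 0
            if (seen)  exit 1
            exit 2
        }
    ' "$1"
}

# write_samples DIR   (hypothetical helper): constructed sample files,
# not copied from any real system.
write_samples() {
    mkdir -p "$1"
    printf '%s\n' '# constructed sample' \
        'login  auth required  pam_unix.so.1' \
        'sshd   auth required  pam_securid.so' > "$1/good.conf"
    printf '%s\n' 'sshd   auth required  pam_unix.so.1' > "$1/wrong.conf"
    printf '%s\n' 'other  auth required  pam_unix.so.1' > "$1/missing.conf"
}

# Demo on the constructed samples; "|| rc=$?" keeps the loop safe under "set -e".
demo_dir=${TMPDIR:-/tmp}/pam_check_demo.$$
write_samples "$demo_dir"
for name in good wrong missing; do
    rc=0
    check_pam_securid "$demo_dir/$name.conf" || rc=$?
    echo "$name.conf: status $rc"
done
rm -rf "$demo_dir"
```

On the host itself, call `check_pam_securid /etc/pam.conf` and read the exit status.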
|Workaround||OpenSSH has been upgraded to version 3.8.1p1|
|Legacy Article ID||a21817|