000018587 - How to successfully authenticate via RSA ACE/Agent for UNIX and RSA ACE/Agent for Netscape/iPlanet on the same client machine

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018587
Applies ToRSA ACE/Server
RSA ACE/Agent for UNIX
RSA ACE/Agent 1.1 for Netscape
UNIX (AIX, HP-UX, Solaris)
iPlanet Web Server
IssueHow to successfully authenticate via RSA ACE/Agent for UNIX and RSA ACE/Agent for Netscape/iPlanet on the same client machine
Error: "Node verification failed" in ACE/Server logs
Message "PASSCODE Accepted" in ACE/Server logs
When authenticating via RSA ACE/Agent for Netscape/iPlanet, PASSCODE accepted, but when authenticating via sdshell, error "node verification failed" appears in ACE/Server log
CauseThe ACE/Agent for Netscape and the ACE/Agent for UNIX are stored on the UNIX box in separate locations.  The node secret for the ACE/Agent is stored in $VAR_ACE.  The node secret for the Netscape ACE/Agent is stored in /netscape/server4/plugins/acetemp/securid.  Therefore, there are two separate node secrets.  After authenticating successfully via one agent, the ACE/Server automatically checks the "sent node secret" box for the client.  Any future authentication via the untried protocol will always result in "node verification failed" errors in the ACE/Server log.
ResolutionIn order to properly send the node secret from the Master ACE/Server to the iPlanet Web Server or Netscape Enterprise Server, uncheck the sent node secret box for this client and authenticate via the untried protocol.  This tricks the ACE/Server into sending another node secret to the client machine allowing for these two agent pieces to exist in harmony on one client machine.

The node secret of the Web server is located in the /var/ace directory. If you change or replace this file, you must restart the Web server for the change to take effect.
Legacy Article IDa1866

Attachments

    Outcomes