000018333 - How to su  as root  to a user account protected by securid  without getting Passcode prompted.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018333
Applies ToRSA ACE/Server
UNIX (AIX, HP-UX, Solaris)
RSA ACE/Agent for UNIX
IssueHow to su, as root, to a user account protected by securid, without getting Passcode prompted.
Usage for the different SecurID shells on UNIX.
How to su to other users accounts without getting PASSCODE prompted.
ResolutionACE/Server comes with three different shells that can be assigned to users:

sdshell --->  The shell that requires RSA SecurID authentication of users on UNIX clients, including AIX clients using name servers such as NIS or DNS, but excluding AIX clients using an authentication method defined in /etc/security/login.cfg.

sdshell_auth --->  The shell used to RSA SecurID-authenticate users on AIX clients that do not use name servers. A user?s primary authentication method on these clients must be ?SecurID,? and RSA SecurID must be defined in /etc/security/login.cfg to run sdshell_auth.

sdshell_adm --->  For system administrators who prefer the convenience of using the su command without having to provide an RSA SecurID PASSCODE, a third authentication shell, sdshell_adm, is provided.
Legacy Article ID6.0.3660818.2944161