Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000031450 - SecurID PAM agent not protecting the gnome-screensaver page on redhat in RSA Authentication Manager 8.x

Document created by RSA Customer Support

on Jul 29, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000031450
Applies To	RSA Product Set: SecurID RSA Product/ Service Type: Authentication Manager RSA Version/Condition: 8.x
Issue	Trying to secure the gnome-screensaver on Redhat 6 machine to use the Securid Pam module, After editing gnome-screensaver to use "pam_securid" module as the as the following: [root@rh64-pam71-1 var]# cat /etc/pam.d/gnome-screensaver ************************************************************************************* #%PAM-1.0 # Fedora Core #auth [success=done ignore=ignore default=bad] pam_selinux_permit.so session include system-auth #auth include system-auth #auth optional pam_gnome_keyring.so auth required pam_securid.so account include system-auth password include system-auth # SuSE/Novell #auth include common-auth #auth optional pam_gnome_keyring.so #account include common-account #password include common-password #session include common-session ************************************************************************************* The screensaver page on the Redhat sever is not load the authentication prompt of RSA and keep flashing, On another Redhat server the authentication page is loading, user enter the correct credentials but get authentication failed, and on the RSA AM server the authentication activity monitor shows "Node Secret verification" error message.
Cause	The ace directory which contains the node secret has restricted permissions. As a result, the node secret cannot be read during the authentication via gnome-screensaver.
Resolution	You will need to give the ace directory full permissions to read, write and execute for the owner, group and others group. Example: #chmod 777 ace The sdconf.rec and securid (node secret) files both need to have the read permissions for the other groups.
Workaround	Step 1: Give the ace directory the full permissions to read, write and execute: chmod 777 /var/ace Step 2: To give the sdconf.rec and securid (node secret) files the needed permissions , execute the following command: chmod a+r /var/ace/sdconf.rec /var/ace/securid

Attachments

Outcomes

0 Comments

Recommended Content