on Nov 30, 2016Article Content
| Article Number | 000034259 |
| Applies To | RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for PAM RSA Version/Condition: 7.1 |
| Issue | The acetest program included with the PAM agent reports the following error when installed on IBM AIX: Unexpected error from ACE/Agent API The real-time authentication activity monitor reports the following error when authentications are sent to an Authentication Manager server: Node secret mismatch: cleared on agent but not on server |
| Cause | The RSA Authentication Agent for PAM for AIX are 32-bit binaries and the PAM agent has been installed onto a 64-bit IBM AIX server where another third-party product is using 64-bit binaries and acting as another authentication agent. The node secret was created by the third-party product and the PAM agent is unable to read the node secret. |
| Resolution | The third-party product on the IBM AIX server and RSA Authentication Agent for PAM for IBM AIX must use different folders to store the SecurID configuration files. A conversion utility provided with the PAM agent called ns_conv_util can be used to convert the node secret file (securid) created by the third-party product which allows the PAM agent to read the converted node secret. NOTE: The default location of the SecurID configuration files used by the PAM agent is /var/ace, but this can be changed by editing the /etc/sd_pam.conf file. For information on the usage of ns_conv_util, please refer to pages 18 and 19 of the RSA Authentication Agent 7.1 for PAM Installation and Configuration Guide for AIX. |
| Notes | The SecurID configuration files are:
|