|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for PAM
RSA Version/Condition: 7.1
|Issue||The acetest program included with the PAM agent reports the following error when installed on IBM AIX:|
Unexpected error from ACE/Agent API
The real-time authentication activity monitor reports the following error when authentications are sent to an Authentication Manager server:
Node secret mismatch: cleared on agent but not on server
|Cause||The RSA Authentication Agent for PAM for AIX are 32-bit binaries and the PAM agent has been installed onto a 64-bit IBM AIX server where another third-party product is using 64-bit binaries and acting as another authentication agent. The node secret was created by the third-party product and the PAM agent is unable to read the node secret.|
|Resolution||The third-party product on the IBM AIX server and RSA Authentication Agent for PAM for IBM AIX must use different folders to store the SecurID configuration files. A conversion utility provided with the PAM agent called ns_conv_util can be used to convert the node secret file (securid) created by the third-party product which allows the PAM agent to read the converted node secret.|
NOTE: The default location of the SecurID configuration files used by the PAM agent is /var/ace, but this can be changed by editing the /etc/sd_pam.conf file.
For information on the usage of ns_conv_util, please refer to pages 18 and 19 of the RSA Authentication Agent 7.1 for PAM Installation and Configuration Guide for AIX.
|Notes||The SecurID configuration files are:|