RSA Authentication Agent 5.3 for Web for Apache Web Server on Red Hat Linux 4.0 Readme

Document created by RSA Link Team Employee on Jan 6, 2017
Version 1Show Document
  • View in full screen mode

March 20, 2007

 

Introduction

This document lists late-breaking information for RSA Authentication Agent 5.3 for Web for Apache Web Server on Red Hat Linux 4.0. Read this document before installing the software.

This document contains the following sections:

This Readme may be updated. The most current version can be found on RSA Link https://community.rsa.com/. Or, you can print this Readme.


Technical Notes

Security Contexts on Apache Web Server

If you use Security Enhanced Linux (SELinux) to protect the Apache Web Server, you must set the security context for all of the Web Agent shared libraries to the same value as those used by other Apache Web Sever modules. To do this, use ls -Z to determine the security context, then use chcon to set the security context. For example:

/usr/bin/chcon -u system_u -r object_r -t httpd_modules_t $RSAWebAgentInstallPath/mod_rsawa_apache.so
/usr/bin/chcon -u system_u -r object_r -t httpd_modules_t $RSAWebAgentInstallPath/librsawa_apache.so
/usr/bin/chcon -u system_u -r object_r -t httpd_modules_t $RSAWebAgentInstallPath/Plugins/libaceauth.so
/usr/bin/chcon -u system_u -r object_r -t httpd_modules_t $RSAWebAgentInstallPath/Plugins/libaceauth_pre_fork.mpm.so.org

where RSAWebAgentInstallPath is the location where you installed the Web Agent.

You also need to make sure that the security context allows the Apache Web Server to read and write to the sdconf.rec and sdstatus.12 files. Do this by either changing the location of the sdconf.rec and sdstatus.12 files from the default location, $VAR_ACE, to a location where read/write access is allowed (for example, the log directory), or change your policy to allow read/write access to $VAR_ACE.

Multi-Domain Access

If you are setting up multi-domain authentication, you must use the same WebID URL across all web servers. When using IIS web servers and Apache web servers, change the WebID URL on the Apache servers to /WebID/IISWebAgentIF.dll. For more information, see the Installation and Configuration Guide.

Browser Caching

For security purposes, instruct end users to disable caching in their browsers.


Known Issues

Tracking Number: 16432
Problem: If you log on to a protected web site, then attempt to access a different page of the web site after the initial cookie expires, you must reauthenticate. This happens because the refresh cookie generated by the Web Agent after the initial cookie expires is not detected by the Apache Web Server software.

https://scolstaging.corp.emc.com/docs/rsa_securid/rsa_ace_agents/53/web_apache_lnx/readme_apache.html


Getting Support and Service

RSA SecurCare Online: https://knowledge.rsasecurity.com/

Customer Support Information: www.rsa.com/support

RSA Secured Partner Solutions Directory: http://www.rsasecured.com/

^Top


© 2007 RSA Security Inc. All rights reserved.


Trademarks

RSA and the RSA logo are registered trademarks of RSA Security Inc. in the United States and/or other countries. For the most up-to-date listing of RSA trademarks, see www.rsasecurity.com/legal/trademarks_list.pdf. EMC is a registered trademark of EMC Corporation. All other goods and/or services mentioned are trademarks of their respective companies.

Attachments

    Outcomes