Password authentication fails for unchallenged users on AIX after changing to SHA256 password hashing when RSA Authentication Agent for PAM is installed
Originally Published: 2020-05-27
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for PAM
Platform: IBM AIX
Issue
Cause
Resolution
Workaround
- Make a backup of /etc/sd/pam.conf.
- Open /etc/sd/pam.conf in a text editor.
- Change the following two settings from 0 to 1:
PAM_IGNORE_SUPPORT_FOR_USERS=1 PAM_IGNORE_SUPPORT=1
- Make a backup of /etc/pam.conf.
- Open /etc/pam.conf in a text editor.
- Edit the authentication modules for your protected service. Using SSH as an example:
sshd auth required pam_securid.so not_set_pass sshd auth required pam_aixNow unchallenged users can log in with their password with the new hashing algorithm. However, challenged users have to log in using their RSA passcode followed by their AIX password.
Notes
strings pam_securid.so | grep "Agent"
Related Articles
Upgrading the Internal SecurID Authentication Manager 8.6 Certificates to SHA-256 Number of Views What are RSA Security's plans to support SHA-256 with KCA? Number of Views How to create a CA hierarchy where one subordinate CA uses SHA1 and another subordinate CA uses SHA2 while both sub CA's … Number of Views Customizing Secure Communication Number of Views Upgrading the RSA Authentication Agent for Windows certificates to SHA-256 for offline authentication and agent auto-regis… Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
