Password authentication fails for unchallenged users on AIX after changing to SHA256 password hashing when RSA Authentication Agent for PAM is installed
Originally Published: 2020-05-27
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for PAM
Platform: IBM AIX
Issue
Cause
Resolution
Workaround
- Make a backup of /etc/sd/pam.conf.
- Open /etc/sd/pam.conf in a text editor.
- Change the following two settings from 0 to 1:
PAM_IGNORE_SUPPORT_FOR_USERS=1 PAM_IGNORE_SUPPORT=1
- Make a backup of /etc/pam.conf.
- Open /etc/pam.conf in a text editor.
- Edit the authentication modules for your protected service. Using SSH as an example:
sshd auth required pam_securid.so not_set_pass sshd auth required pam_aixNow unchallenged users can log in with their password with the new hashing algorithm. However, challenged users have to log in using their RSA passcode followed by their AIX password.
Notes
strings pam_securid.so | grep "Agent"
Related Articles
RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for SUSE (Chinese) Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for AIX (Chinese) Number of Views RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for AIX (Chinese) Number of Views RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for AIX (Japanese) Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for Solaris (Chinese) Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
