Troubleshooting X-Windows for SecurID protection
Originally Published: 2001-06-18
Article Number
Applies To
UNIX (AIX, HP-UX, Solaris)
RSA ACE/Server
Issue
Resolution
a. Installation guide, RSA ACE/Server 4.1 for UNIX, page 153, item 4, The file name Xprompt should be read as XPrompt.
Prior to ACE/Server v5.0, the file name should be read as XPrompt.
b. Installation guide, RSA ACE/Server 4.1 for UNIX, page 153, item 5. It should be read as /usr/dt/bin/Xsession.
c. Installation guide, RSA ACE/Server 4.1 for UNIX, page 154, item 6. The lines mentioned in the documentation should
be added to the usr/dt/bin/Xsession file, on the next line after the #!bin/sh and not at the beginning of the file as
mentioned in the documentation.
d. Installation guide, RSA ACE/Server 5.0 and 5.0.1 for UNIX, page 167, item 5. It should be read as /usr/dt/bin/Xsession.
e. Installation guide, RSA ACE/Server 5.0 and 5.0.1 for UNIX, page 168, item 6. The lines mentioned in the documentation
should be added to the usr/dt/bin/Xsession file, on the next line after the #!bin/sh and not at the beginning of the file as
mentioned in the documentation.
This solution presumes that there is an ACE/Agent installed on the system which is going to be accessed via X-Windows, and that local ACE authentication has been configured and tested to work for the same user.
Using the AIX authentication method.
Configuring X-Windows:
There are three files to be modified to protect X-Windows with SecurID authentication:
On Solaris, HP-UX and AIX the default path for the files:
usr/dt/bin/Xsession
usr/dt/config/Xstartup
usr/dt/config/Xconfig
Note: The path for above listed files might vary in other operating systems but the files to be modified are same.
1. Edit the file usr/dt/bin/Xsession
Add the following script at the beginning of the script directly under the line #!/bin/sh
TESTSHELL=`ACEPROG/sdfindshell`
if [ -n "$TESTSHELL" ] ; then
SHELL=$TESTSHELL ; export SHELL
fi
#The single quotes in the first line of the above script are back quotes. These are on ~ key on the key board.
# Where ACEPROG is the path to ace/server installation. eg: /opt/ace/prog
2. Edit the file usr/dt/config/Xstartup
Copy the ace/prog/XPrompt script at the end of the Xstartup file by following command.
#cat /opt/ace/prog/XPrompt >> /usr/dt/config/Xstartup
Note: Notice the first two letters in XPrompt are in upper case in ACE/Server v3.3.1, 4.0, and 4.1. In ACE/Server 5.0,
the file name is Xprompt with lower case p.
3. Edit usr/dt/config/Xconfig
Uncomment the following line:
Dtlogin*authorize: False
#This will disable R4 MIT-MAGIC-COOKIE-1 per-user authorization.
4. If there is no etc/dt directory on the machine ignore the step 5.
5. If there is a directory etc/dt:
a. Create etc/dt/config
b. Create etc/dt/bin
c. Copy the files Xconfig and Xstartup into etc/dt/config.
d. Copy the file usr/dt/bin/Xsession to etc/dt/bin/Xsession.
This eliminates the possibility of X-Windows failing after OS upgrade.
6. Verify the varibles in XPrompt file are set to correct path.
DEFVARACE= "PATH/ace/data"
DEFUSRACE= "PATH/ace/prog"
7. Run /usr/dt/bin/dtconfig -reset
See for additional information: How to set up XWindows for RSA SecurID authentication
8. For additional troubleshooting see var/dt/Xerrors file.
9. If the securid authentication from a HP VUE client is not working, edit the file .vueprofile. This file must exist in the user's
home directory.
Add the following line:
SHELL=destinationshell; export SHELL
where the destination shell is the shell which runs after the user's successful authentication.
For additional information on configuring HP VUE refer to HP VUE Configuration
For additional information on configuring AIX client see Configuring AIX Client for X-windows authentication
Related Articles
RSA MFA Agent 9.0 for Apache Third Party Licenses Number of Views Problems protecting XWindows on Sun Solaris with RSA SecurID Number of Views RSA MFA Agent 3.0 for Microsoft AD FS Third Party Licenses Number of Views RSA MFA Agent 2.2.1 for Microsoft Windows Third-Party Licenses Number of Views Security scan shows a possible denial of service vulnerability Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
