RSA Authentication Agent 7.x for Web for Apache on Red Hat 5 throws error 103: Response to New PIN Request took too long exception in New PIN Mode
RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for Web for Apache RSA Version/Condition: 7.x Platform: Red Hat O/S Version: 5
When an RSA SecurID token is in New PIN Mode and authentication is through the Authentication Agent 7.x for Web for Apache installed on Red Hat 5, the following error is seen:
103: Response to new PIN Request took too long' exception in New PIN Mode
While ./acetest from the command line does change a new users PIN correctly, when passing through the Apache web page for SecurID login, the following exception is thrown:
103: Response to the New PIN Request took too long. Please try again.
A user that already has a functioning PIN authenticates successfully.
The Apache bundle 2.2.3 that comes with Red Hat 5.1 is not supported with the RSA Authentication Agent 7.x for Web for Apache. Per page 11 of the RSA Authentication Agent 7.x for Web Installation and Configuration Guide:
Hardware and Operating System Requirements:
The RSA Authentication Agent for Web for Apache is supported on Apache Web Server 2.2.4 and 2.2.6 on Red Hat Enterprise Linux 4.0, 5.0, and 5.1 AS/ES. 2.2.3 is not a supported web server for this agent.
Likewise, the RSA Authentication Agent 5.3 for Web for Apache is supported on 2.59, not 2.052.
The issue is caused by which compiling options were used when apache is compiled for rpm. If the rpm is compiled with worker and prefork, or worker alone, this issue will occur.
The documentation will be modified to state that prefork only can be used.
For 100% compatibility, you MUST use a supported version source that is downloaded DIRECTLY FROM apache.org. RSA cannot guarantee every pre-made rpm available for download on the internet contains an unmodified source tree or is compiled in a standard fashion. Compiling Apache is very simple and very well documented from Apache. The compile procedure has been the same since Apache.
[root@apache ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 933 status
100024 1 tcp 936 status
300760 1 tcp 41347
Install the RSA Authentication Agent 7.x for Web for Apache, ensuring to specify the PROPER PATH on which Apache is installed (see Notes below).
Test the agent.
* The startup script in /etc/init.d for apache, httpd, should be modified to point to the new httpd executable and the the directory used in the prefix variable during compile to insure startup occurs seamlessly at boot time:
"Apache versions mentioned here refer to distributions available on www.apache.org. Pre-packaged Apache modules available from other sources or vendors can result in incorrect behavior or missing functionality in the RSA Agent."