This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

Authentication error for a challenged user with RSA Authentication Manager using REST protocol for RSA Authentication Agent 8.x for PAM

Article Number

000037660

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for PAM
RSA Version/Condition: 8.x
Platform: Linux

Issue

The RSA Authentication Agent 8.x for PAM is installed on a supported platform with REST protocol as a operation method and the SSH service is configured to be challenged with RSA passcode.
  • When the challenged users trying logging into the machine through SSH they are getting below error.
Image descriptionImage description
  • After enabling the DEBUG for the REST protocol, the /var/ace/log/mfa_rest.log shows either of following errors:
INFO (../src/ConnectionHandler/ConnectionHandler.cpp:355) - Connecting to Server: https://amv84p.example.com:5555/mfa/v1_1/authn
ERROR (../src/ConnectionHandler/ConnectionHandler.cpp:359) - Failed to connect.Curl error code: 6
 
or 
 
INFO (../src/ConnectionHandler/ConnectionHandler.cpp:355) - Connecting to Server: https://amv84p.example.com:5555/mfa/v1_1/authn
ERROR (../src/ConnectionHandler/ConnectionHandler.cpp:359) - Failed to connect.Curl error code: 28
 

Cause

Curl error code 6

The error displays on the machine where the Authentication Agent for PAM is installed when the agent is unable to resolve the Authentication Manager server hostname.
 

Curl error code 28

The error displays on the machine where the Authentication Agent for PAM is installed when the agent is not able get the authentication response from the Authentication Manager servers before it timeouts.
 

Resolution

Follow the steps outlined below to resolve the issues.
 

For Curl error code 6

  1. In client system, where pam agent is installed, Login as root user and edit hosts file. Run below command for that.
vi /etc/hosts
  1. Enter the IP addresses and fully qualified domain names of the primary and replica Authentication Manager servers.  For example, 
192.168.1.10 amv84p.example.com #AM primary
102.168.1.11 amv84r.example.com #AM replica
  1. Save the changes.
  2. Open an SSH session and try to authenticate with a challenged user. This time it will prompt for passcode.
  3. Enter the RSA passcode and verify that the authentication succeeds.



For Curl error code 28

  1. On a client system, where the Authentication Agent for PAM is installed, login as the root user.
  2. Navigate to /var/ace/conf on the Linux server and edit the mfa_api.properties file.
  3. Change the CONNECT_TIMEOUT value to 120 and the READ_TIMEOUT value to 160.
  4. Save and close the file.
  5. Open an SSH session and try to authenticate with a challenged user. This time it will prompt for passcode.
  6. Enter the RSA passcode and verify that the authentication succeeds.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 03:28 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.