Article Number
000068179
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.6 and up
Issue
After changing the shared secret of RADIUS agents, authentication requests still succeed using the old shared secret.
Explanation:
When the RADIUS shared secret is changed, it is updated in RSA Authentication Manager. However, the old shared secret continues to be used for a period of time that is configured with the “lifetime” option in the RADIUS configuration file “dynamic-clients”.
This option controls how often the RADIUS agents are refreshed. (Default: 600 seconds)
Resolution
Access the Operations Console > Deployment Configuration > RADIUS Server > Manage Server Files > dynamic-clients.
Change “lifetime” to a smaller value for IPv4. (This can also be done for IPv6 if needed.) > Save & Restart RADIUS Server.
For more information about “dynamic-clients” configuration file, please check the corresponding RSA Authentication Manager RADIUS Reference Guide.
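The following check is an added example, not RSA code: it reads the text of a “dynamic-clients” file and reports, per client block, whether “lifetime” exceeds the window in which you are willing to have an old shared secret still accepted. It assumes the file uses upstream FreeRADIUS-style `client <name> { ... }` blocks; the sample content, the block names and the `max_seconds` threshold are constructed for illustration.

```python
import re

# Constructed sample in upstream FreeRADIUS client-block style (assumed layout,
# not copied from an RSA Authentication Manager appliance).
SAMPLE = """\
client ipv4_agents {
    ipaddr = 192.0.2.0/24
    dynamic_clients = dynamic_clients
    lifetime = 600      # default stated in the article
}
client ipv6_agents {
    ipv6addr = 2001:db8::/32
    dynamic_clients = dynamic_clients
    lifetime = 60
}
"""

BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
LIFETIME = re.compile(r"^\s*lifetime\s*=\s*(\d+)\s*$", re.M)


def audit_lifetimes(text, max_seconds):
    """Map each client block name to (lifetime or None, verdict)."""
    text = re.sub(r"#.*", "", text)  # drop comments before parsing
    results = {}
    for name, body in BLOCK.findall(text):
        match = LIFETIME.search(body)
        if match is None:
            results[name] = (None, "review")  # no explicit value in this block
            continue
        seconds = int(match.group(1))
        if seconds == 0:
            # Upstream FreeRADIUS documents 0 as "never expire"; that RSA's
            # build behaves the same is an assumption, so flag it for review.
            verdict = "review"
        elif seconds > max_seconds:
            verdict = "too-long"  # old secret stays usable longer than allowed
        else:
            verdict = "ok"
        results[name] = (seconds, verdict)
    return results


if __name__ == "__main__":
    for name, (seconds, verdict) in audit_lifetimes(SAMPLE, 120).items():
        print(f"{name}: lifetime={seconds} -> {verdict}")
```

Paste the file content shown under Manage Server Files into a string and pass it to `audit_lifetimes` with the number of seconds your secret-rotation procedure tolerates.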
Workaround: Restarting the RADIUS service from the CLI refreshes the RADIUS agents with the new shared secret.
https://community.rsa.com/t5/securid-knowledge-base/how-to-stop-start-and-restart-rsa-authentication-manager-8-x/ta-p/5136