Old Radius Shared Secret is still in use even after changing it in agent record from Security Console
RSA Product Set: SecurID RSA Product/Service Type: Authentication Manager RSA Version/Condition: 8.6 and up
After changing shared secret of radius agents, authentication requests would still succeed using old shared secret.
When changing radius shared secret, it will be updated in RSA Authentication Manager however The old shared secret would still be used for an amount of time that can be configured using option “lifetime” in radius configuration file “dynamic-clients”. This option is responsible on refreshing radius agents every certain time. (Default 600 seconds)
Access Operation console > Deployment Configuration > Radius server > Manage server files > dynamic-clients. Change “lifetime” to smaller value for IPv4. (This could be done for ipv6 if needed) > Save & Restart RADIUS Server.
For more information about “dynamic-clients” configuration file, please check the corresponding RSA Authentication Manager RADIUS Reference Guide.