This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

PAM agent and strong crypto algorithms that support FIPS 140-2

Article Number

000067996

Applies To

PAM v. 8.1.4
PAM v. 8.1.3

Issue

A SecurID® Product Advisory on RSA Community (2018-01-04) states that PAM agent configured with ReST provides FIPS-compliant agent to server communication.
But the PAM agent v. 8.1.4 Release Notes (October 2021) state The PAM agent 8.1.4 is not FIPS compliant, while the PAM agent v. 8.1.3 Release Notes (April 2022) makes no mention of FIPS or FIPS 140-2 compliance.

Is PAM able to support FIPS 140-2 compliant agent to server communication?

Cause

PAM v. 8.1.4 was released specifically for Solaris x86 (Intel) to add 64-bit support.  The download only contains Solaris Intel Libraries.  The Release Notes are titled this way, "RSA SecurID Authentication Agent 8.1.4 for PAM for Solaris x86" and have a the following Note on the first page:

Note: This release does not apply to other operating systems, such as AIX, Solaris SPARC, and RHEL. The latest release for other operating systems is the RSA SecurID Authentication Agent 8.1.3 for PAM.

The PAM 8.1.3 Release Notes have a later last update date than the PAM 8.1.4 Release Notes.

Resolution

The PAM 8.1.4 libraries for Intel based Solaris unix were not tested for FIPS 140-2 compliance, therefore the release notes state this version of PAM is not FIPS compliant.  Other versions of PAM, including v. 8.1.3, when configured with ReST provide FIPS-compliant agent to server communication.

Notes

SecurID® Product Advisory - PAM FIPS-compliant agent to server communication
https://community.rsa.com/t5/securid-product-advisories/rsa-announces-the-release-of-rsa-securid-authentication-agent-8/ta-p/552806

PAM agent v. 8.1.4 Release Notes (October 2021) not FIPS compliant, 
https://community.rsa.com/t5/securid-authentication-agent-for/rsa-securid-authentication-agent-8-1-4-for-pam-release-notes/ta-p/648608

PAM agent v. 8.1.3 Release Notes (April 2022) no mention of FIPS.
https://community.rsa.com/t5/securid-authentication-agent-for/rsa-securid-authentication-agent-8-1-3-for-pam-release-notes/ta-p/604316
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-11-11 02:07 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.