PAM agent and strong crypto algorithms that support FIPS 140-2
PAM v. 8.1.4 PAM v. 8.1.3
A SecurID® Product Advisory on RSA Community (2018-01-04) states that PAM agent configured with ReST provides FIPS-compliant agent to server communication. But the PAM agent v. 8.1.4 Release Notes (October 2021) state The PAM agent 8.1.4 is not FIPS compliant, while the PAM agent v. 8.1.3 Release Notes (April 2022) makes no mention of FIPS or FIPS 140-2 compliance.
Is PAM able to support FIPS 140-2 compliant agent to server communication?
PAM v. 8.1.4 was released specifically for Solaris x86 (Intel) to add 64-bit support. The download only contains Solaris Intel Libraries. The Release Notes are titled this way, "RSA SecurID Authentication Agent 8.1.4 for PAM for Solaris x86" and have a the following Note on the first page:
Note: This release does not apply to other operating systems, such as AIX, Solaris SPARC, and RHEL. The latest release for other operating systems is the RSA SecurID Authentication Agent 8.1.3 for PAM.
The PAM 8.1.3 Release Notes have a later last update date than the PAM 8.1.4 Release Notes.
The PAM 8.1.4 libraries for Intel based Solaris unix were not tested for FIPS 140-2 compliance, therefore the release notes state this version of PAM is not FIPS compliant. Other versions of PAM, including v. 8.1.3, when configured with ReST provide FIPS-compliant agent to server communication.