When switching to root the RSA Authentication Agent 8.1.3 for PAM is not prompting for a passcode

3 years ago

Originally Published: 2023-03-27

Article Number

000068145

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for PAM

Issue

There is no RSA prompt when switching to root using the su - command. The following error is shown:

PAM unable to dlopen(/usr/lib64/security/pam_securid.so): /usr/lib64/security/pam_securid.so: cannot open shared object file:operation not permitted
PAM adding faulty module: /usr/lib64/security/pam_securid.so

Cause

The configured File Access Policy (fapolicyd) is restricting the loading of the RSA PAM module.

Resolution

Stop the FA Policy service by running the following command:

systemctl stop fapolicyd.service

Workaround

If fapolicyd is a requirement, you must add the RSA libraries to fapolicyd’s trust database on RHEL by running the following commands:

fapolicyd --file add /usr/lib64/security/pam_securid.so --trust-file pam-securid
fapolicyd --file add /var/ace/lib/64bit/libpamrest.so --trust-file pam-securid
fapolicyd --file add /var/ace/lib/64bit/liblog4cxx.so.10 --trust-file pam-securid
fapolicyd-cli --update
systemctl restart fapolicyd

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles