We have a service account which will be accessing network devices under RSA SecurID management, RADIUS actually. This account only exists in the RSA appliance, not in AD, LDAP, etc. Is it possible to set that account to only require a password instead of a permanent token/passcode? If not, would it be possible if the user was in the AD?
Native SecurID protocol has a lot of agents that use the concept of Challenge, a Challenged User needs a Passcode, but an unChallenged user can logon with a Password. But I do not think I have seen that in RADIUS, usually because if you do not want a PassCode prompt, you do not send the authentication request to Authentication Manager, AM. A full RADIUS server could lookup users in LDAP for Passwords, and AM for PassCodes, but RSA's RADIUS cannot do that.
If the authentication request has to come to AM, the next best or closest thing might be a Fixed Passcode