My customer has asked me to work against a SecureID RADIUS server. He wants TFA for remote users.
I'm using RHEL 6.8, in command line mode only (no GUI) and I've identified the agent I should use.
I'm just starting to use this site, so forgive me if the answers are out there but atm I've only found generic documentation
I have some questions that are not clear from the documentation:
Can I log in as root locally without needing the server or TFA?
Can I log in as a local user without needing the server or TFA?
Can the local user run applications without needing the server?
Do I need a token to log in locally? What tokens are suitable?
What if the server is not available?
Do remote users need a local account? (documentation seems to say yes, customer doesn't want that)
How are remote users given UID/GID - presumably that is the reason for local account.
How is something like a Nessus scan with credentials undertaken?
Simon Hall,
I am sure one of our engineers will chime in but in the meantime, have a look at the documentation for the RSA Authentication Agent for PAM. From there you can go to RSA SecurID Authentication Agent 8.0 for PAM (English) which provides an Overview of the RSA SecurID Authentication Agent 8.0 for PAM.
Regards,
Erica