AnsweredAssumed Answered

What can be done with the PAM agent for SecureID

Question asked by Simon Hall on Jun 4, 2018
Latest reply on Jun 6, 2018 by Erica Chalfin

My customer has asked me to work against a SecureID RADIUS server. He wants TFA for remote users.

I'm using RHEL 6.8, in command line mode only (no GUI) and I've identified the agent I should use.

I'm just starting to use this site, so forgive me if the answers are out there but atm I've only found generic documentation

I have some questions that are not clear from the documentation:

Can I log in as root locally without needing the server or TFA?

Can I log in as a local user without needing the server or TFA?

Can the local user run applications without needing the server?

Do I need a token to log in locally? What tokens are suitable?

What if the server is not available?

Do remote users need a local account? (documentation seems to say yes, customer doesn't want that)

How are remote users given UID/GID - presumably that is the reason for local account.

How is something like a Nessus scan with credentials undertaken?

Outcomes