How do I test an Agent running the Rest API to see that it can successfully communicate with the SecureID Authentication Manager.
How do I test an Agent running the Rest API to see that it can successfully communicate with the SecureID Authentication Manager.
Would our Guide to Getting Started with the AM 8.x REST-API Test App be of assistance?
Regards,
Erica
Thanks this gave me some added information to follow up on.
There's no acetest for REST, though there is an RFE for one.
The work-around is to configure PAM to challenge a single user, and use that account to Test that User and Token.
Here are some notes you might try:
Find and edit the sshd_config, which may be located either in /etc/ssh/sshd_config or in /usr/local/etc/sshd_config and add the following;
USEPAM=yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
Notes: Setting thePasswordAuthentication parameter to no disables OpenSSH password prompt. The PAM agent is used instead. As aresult, the user is prompted for SecurID authentication only.
Restart sshd
Edit the /etc/pam.d/sshd file and comment any lines that begin with auth.
Add the line:
auth required pam_securid.so
The /etc/sd_pam.conf should look something like this for a challenged UserID = UserTest. May need to be local Linux account too.
AGENT_ROOT=/home/rsaadmin
OPERATION_MODE=1
RSATRACELEVEL=0
RSATRACEDEST=
ENABLE_USERS_SUPPORT=1
INCL_EXCL_USERS=1
LIST_OF_USERS=UserTest
PAM_IGNORE_SUPPORT_FOR_USERS=0
ENABLE_GROUP_SUPPORT=0
INCL_EXCL_GROUPS=0
LIST_OF_GROUPS=other:wheel:eng:othergroupnames
PAM_IGNORE_SUPPORT=0
AUTH_CHALLENGE_USERNAME_STR=Enter USERNAME :
AUTH_CHALLENGE_RESERVE_REQUEST_STR=Please enter System Password for root :
AUTH_CHALLENGE_PASSCODE_STR=Enter PASSCODE :
AUTH_CHALLENGE_PASSWORD_STR=Enter your PASSWORD :
BACKOFF_TIME_FOR_RSA_EXCLUDED_UNIX_USERS=4
/etc/init.d/sshd restart
Linux:~ # more /etc/passwd | grep UserTest
UserTest:x:1006:2000::/home/UserTest:/bin/bash
There's no acetest for REST, though there is an RFE for one.
The work-around is to configure PAM to challenge a single user, and use that account to Test that User and Token.
Here are some notes you might try:
Find and edit the sshd_config, which may be located either in /etc/ssh/sshd_config or in /usr/local/etc/sshd_config and add the following;
USEPAM=yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
Notes: Setting thePasswordAuthentication parameter to no disables OpenSSH password prompt. The PAM agent is used instead. As aresult, the user is prompted for SecurID authentication only.
Restart sshd
Edit the /etc/pam.d/sshd file and comment any lines that begin with auth.
Add the line:
auth required pam_securid.so
The /etc/sd_pam.conf should look something like this for a challenged UserID = UserTest. May need to be local Linux account too.
AGENT_ROOT=/home/rsaadmin
OPERATION_MODE=1
RSATRACELEVEL=0
RSATRACEDEST=
ENABLE_USERS_SUPPORT=1
INCL_EXCL_USERS=1
LIST_OF_USERS=UserTest
PAM_IGNORE_SUPPORT_FOR_USERS=0
ENABLE_GROUP_SUPPORT=0
INCL_EXCL_GROUPS=0
LIST_OF_GROUPS=other:wheel:eng:othergroupnames
PAM_IGNORE_SUPPORT=0
AUTH_CHALLENGE_USERNAME_STR=Enter USERNAME :
AUTH_CHALLENGE_RESERVE_REQUEST_STR=Please enter System Password for root :
AUTH_CHALLENGE_PASSCODE_STR=Enter PASSCODE :
AUTH_CHALLENGE_PASSWORD_STR=Enter your PASSWORD :
BACKOFF_TIME_FOR_RSA_EXCLUDED_UNIX_USERS=4
/etc/init.d/sshd restart
Linux:~ # more /etc/passwd | grep UserTest
UserTest:x:1006:2000::/home/UserTest:/bin/bash