How do I test an Agent running the Rest API to see that it can successfully communicate with the SecureID Authentication Manager.
How do I test an Agent running the Rest API to see that it can successfully communicate with the SecureID Authentication Manager.
Would our Guide to Getting Started with the AM 8.x REST-API Test App be of assistance?
Regards,
Erica
There's no acetest for REST, though there is an RFE for one.
The work-around is to configure PAM to challenge a single user, and use that account to Test that User and Token.
Here are some notes you might try:
Find and edit the sshd_config, which may be located either in /etc/ssh/sshd_config or in /usr/local/etc/sshd_config and add the following;
USEPAM=yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
Notes: Setting thePasswordAuthentication parameter to no disables OpenSSH password prompt. The PAM agent is used instead. As aresult, the user is prompted for SecurID authentication only.
Restart sshd
Edit the /etc/pam.d/sshd file and comment any lines that begin with auth.
Add the line:
auth required pam_securid.so
The /etc/sd_pam.conf should look something like this for a challenged UserID = UserTest. May need to be local Linux account too.
AGENT_ROOT=/home/rsaadmin
OPERATION_MODE=1
RSATRACELEVEL=0
RSATRACEDEST=
ENABLE_USERS_SUPPORT=1
INCL_EXCL_USERS=1
LIST_OF_USERS=UserTest
PAM_IGNORE_SUPPORT_FOR_USERS=0
ENABLE_GROUP_SUPPORT=0
INCL_EXCL_GROUPS=0
LIST_OF_GROUPS=other:wheel:eng:othergroupnames
PAM_IGNORE_SUPPORT=0
AUTH_CHALLENGE_USERNAME_STR=Enter USERNAME :
AUTH_CHALLENGE_RESERVE_REQUEST_STR=Please enter System Password for root :
AUTH_CHALLENGE_PASSCODE_STR=Enter PASSCODE :
AUTH_CHALLENGE_PASSWORD_STR=Enter your PASSWORD :
BACKOFF_TIME_FOR_RSA_EXCLUDED_UNIX_USERS=4
/etc/init.d/sshd restart
Linux:~ # more /etc/passwd | grep UserTest
UserTest:x:1006:2000::/home/UserTest:/bin/bash
There's no acetest for REST, though there is an RFE for one.
The work-around is to configure PAM to challenge a single user, and use that account to Test that User and Token.
Here are some notes you might try:
Find and edit the sshd_config, which may be located either in /etc/ssh/sshd_config or in /usr/local/etc/sshd_config and add the following;
USEPAM=yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
Notes: Setting thePasswordAuthentication parameter to no disables OpenSSH password prompt. The PAM agent is used instead. As aresult, the user is prompted for SecurID authentication only.
Restart sshd
Edit the /etc/pam.d/sshd file and comment any lines that begin with auth.
Add the line:
auth required pam_securid.so
The /etc/sd_pam.conf should look something like this for a challenged UserID = UserTest. May need to be local Linux account too.
AGENT_ROOT=/home/rsaadmin
OPERATION_MODE=1
RSATRACELEVEL=0
RSATRACEDEST=
ENABLE_USERS_SUPPORT=1
INCL_EXCL_USERS=1
LIST_OF_USERS=UserTest
PAM_IGNORE_SUPPORT_FOR_USERS=0
ENABLE_GROUP_SUPPORT=0
INCL_EXCL_GROUPS=0
LIST_OF_GROUPS=other:wheel:eng:othergroupnames
PAM_IGNORE_SUPPORT=0
AUTH_CHALLENGE_USERNAME_STR=Enter USERNAME :
AUTH_CHALLENGE_RESERVE_REQUEST_STR=Please enter System Password for root :
AUTH_CHALLENGE_PASSCODE_STR=Enter PASSCODE :
AUTH_CHALLENGE_PASSWORD_STR=Enter your PASSWORD :
BACKOFF_TIME_FOR_RSA_EXCLUDED_UNIX_USERS=4
/etc/init.d/sshd restart
Linux:~ # more /etc/passwd | grep UserTest
UserTest:x:1006:2000::/home/UserTest:/bin/bash