With the Apache Web Agent 8.0.2 protecting Apache 2.4.x installed on RHEL 7.6 talking to AM8.4 p2, we see (at a customer) NEW PIN and Next Tokencode resulting in the error
103: Response to the New PIN Request took too long. Please try again.
when using the agent's auth page. If the token has a pin set and is not in NTC everything works fine. The permissions on the /var/ace directory and its contents are correct, but SElinux is set to "enforcing". Could that be the problem? I haven't tracked down the right people yet to get it turned off or altered to test this hypothesis. UPDATE: Their selinux guy showed me that the Apache processes were all running "unconfined" and therefore ignoring any selinux constraints.
And yes, I've checked out articles 000031173 and 000016606.
UPDATE: Ah -- they are using their own build of Apache.