I'm looking for more information about how the latest RSA AM Pam Agent works.
My situation is this - I need to configure the RSA AM Pam agent 8.1 so that for most users it does RSA AM authentication but for those that are included in a group declared in /etc/sd_pam.conf and listed in /etc/group I need them to do AD/Kerberos authentication.
My question revolves around how to you deal with pam_secureid.so in the pam stack and how to configure sd_pam.conf. I have done the following in /etc/sd_pam.conf
LIST_OF_GROUPS=ad-users (plus I have created an entry in /etc/group for that user group)
When I do as suggested - comment out the other auth lines in /etc/pam.d/sshd and add "auth required pam_secureid.so" ssh logins to AD don't work - they did before the agent install and pam changes.
Does anybody know of a source of info on this? I have searched and asked and haven't found much help.