I am attempting to get our RSA SecurID tokens working in CentOS:
http://www.rsa.com/node.aspx?id=1177
Has anyone had any experience with this? I know CentOS is not supported but one would think that it could be easily implemented...
Here's the error I'm receiving:
May 13 10:26:21 sshd[1662]: @(#)RSA Authentication Agent 5.3 for PAM [263] May 13 10:26:21 sshd[1662]: Entered pam_sm_authenticate May 13 10:26:21 sshd[1662]: Entered iReadPAMConfigFile May 13 10:26:21 sshd[1662]: VAR_ACE is /var/ace May 13 10:26:21 sshd[1662]: ENABLE_GROUP_SUPPORT is 0 May 13 10:26:21 sshd[1662]: INCL_EXCL_GROUPS is 0 May 13 10:26:21 sshd[1662]: Adding ::other:: to list of groups May 13 10:26:21 sshd[1662]: Adding ::wheel:: to list of groups May 13 10:26:21 sshd[1662]: Adding ::eng:: to list of groups May 13 10:26:21 sshd[1662]: Adding ::othergroupnames:: to list of groups May 13 10:25:21 sshd[1662]: Adding ::testing:: to list of groups May 13 10:26:21 sshd[1662]: Number of groups is 4 May 13 10:26:21 sshd[1662]: AUTH_CHALLENGE_USERNAME_STR May 13 10:26:21 sshd[1662]: AUTH_CHALLENGE_RESERVE_REQUEST_STR May 13 10:26:21 sshd[1662]: AUTH_CHALLENGE_PASSCODE_STR May 13 10:26:21 sshd[1662]: AUTH_CHALLENGE_PASSWORD_STR May 13 10:26:21 sshd[1662]: iReadPAMConfigFile: Returning success. May 13 10:26:21 sshd[1662]: Entered PAM:InitSecurID May 13 10:26:21 sshd[1662]: ace_dir_env is VAR_ACE=/var/ace May 13 10:26:21 sshd[1662]: AceInitialize failed May 13 10:26:21 sshd[1662]: Reserve password not allowed by RSA SecurID module May 13 10:26:21 sshd[1662]: Failed password for apace from 192.168.5.201port 60353 ssh2
[root@snorlax bin]# ./acestatus
Error can't connect to ACE/Server
[root@snorlax bin]# ./acetest
AceInitialize failed [root@snorlax bin]#
RSA is no help since it's not a RHEL box :( The PAM module installs fine, but I see no communication between the server and the RSA Appliance!