How to install and configure the SecurID PAM 8.1.3 agent on Ubuntu 18.04
Originally Published: 2021-05-29
Article Number
Applies To
PAM Agent 8.1.3
Issue
Tasks
- Prepare the server
- Install the Agent
- Configure the Agent
Resolution
1- Download the PAM agent
ayman@ubuntu:~$ wget -P $HOME/<URL of the PAM agent>
2- Create the configuration directory:
ayman@ubuntu:~$ sudo mkdir /var/ace ayman@ubuntu:~$ sudo chmod 0700 /var/ace
3- Copy the configuration file to /var/ace:
ayman@ubuntu:~$ sudo mv $HOME/sdconf.rec.txt /var/ace/sdconf.rec
4- Create the sdopts.rec file:
ayman@ubuntu:~$ sudo echo “CLIENT_IP=192.168.XXX.XXX” > /var/ace/sdopts.recWhere Client_IP is the IP of the Ubuntu server
Install PAM Agent:
1- Untar the download file
ayman@ubuntu:~$ tar -xf $HOME/downloads/PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar ayman@ubuntu:~$ chown -R root:root PAM-Agent_v7.1.0.1.16.05_06_13_02_04_012- Install the agent:
ayman@ubuntu:~$ cd PAM-Agent_v8.1.3.139.04_19_21_01_39_13/ ayman@ubuntu:~$ ./install_pam.sh .... Output Omitted .... Do you accept the License Terms and Conditions stated above? (Accept/Decline) [D] : A your answer: A checking..... /opt/pam Directory /opt/pam doesn't exist Proceeding with a new installation.... ----------------------------------------- Choose an RSA SecurID Authentication Mode ----------------------------------------- 0) RSA Authentication Manager with the UDP Protocol 1) RSA Authentication Manager with the REST Protocol 2) Cloud Authentication Service with the REST Protocol Select which operation mode you would like to configure for authentication [0/1/2] : 0 your answer: 0 You have selected the UDP Protocol for authentication. Enter Directory where sdconf.rec is located [/var/ace] : your answer: use default: /var/ace Please enter the root path for the RSA Authentication Agent for PAM directory [/opt] : your answer: use default: /opt The RSA Authentication Agent for PAM 8.1.3 [139] will be installed in the /opt directory. pam/ pam/conf/ pam/conf/mfa_api_template.properties pam/conf/log.properties pam/lib/ pam/lib/32bit/ pam/lib/32bit/libpamrest32.so pam/lib/32bit/liblog4cxx.so.10.0.0 pam/lib/32bit/pam_securid.so pam/lib/64bit/ pam/lib/64bit/liblog4cxx.so.10.0.0 pam/lib/64bit/libpamrest.so pam/lib/64bit/pam_securid.so pam/bin/ pam/bin/32bit/ pam/bin/32bit/acetest pam/bin/32bit/ns_conv_util pam/bin/32bit/acestatus pam/bin/64bit/ pam/bin/64bit/acetest pam/bin/64bit/ns_conv_util pam/bin/64bit/acestatus Checking /etc/sd_pam.conf: VAR_ACE does not exist - entry will be appended AGENT_ROOT does not exist - entry will be appended OPERATION_MODE does not exist - entry will be appended RSATRACELEVEL does not exist - entry will be appended RSATRACEDEST does not exist - entry will be appended ENABLE_USERS_SUPPORT does not exist - entry will be appended INCL_EXCL_USERS does not exist - entry will be appended LIST_OF_USERS does not exist - entry will be appended PAM_IGNORE_SUPPORT_FOR_USERS does not exist - entry will be appended ENABLE_GROUP_SUPPORT does not exist - entry will be appended INCL_EXCL_GROUPS does not exist - entry will be appended LIST_OF_GROUPS does not exist - entry will be appended PAM_IGNORE_SUPPORT does not exist - entry will be appended CHALLENGE_IGNORE_CASE does not exist - entry will be appended AUTH_CHALLENGE_USERNAME_STR does not exist - entry will be appended AUTH_CHALLENGE_RESERVE_REQUEST_STR does not exist - entry will be appended AUTH_CHALLENGE_PASSCODE_STR does not exist - entry will be appended AUTH_CHALLENGE_PASSWORD_STR does not exist - entry will be appended BACKOFF_TIME_FOR_RSA_EXCLUDED_UNIX_USERS does not exist - entry will be appended Checking /var/ace/conf/mfa_api.properties: REST_URL does not exist - entry will be appended CLIENT_KEY does not exist - entry will be appended CA_CERT_FILE_PATH does not exist - entry will be appended CLIENT_ID does not exist - entry will be appended CONNECT_TIMEOUT does not exist - entry will be appended READ_TIMEOUT does not exist - entry will be appended MAX_RETRIES does not exist - entry will be appended ***************************************************************************** * You have successfully installed RSA Authentication Agent 8.1.3 [139] for PAM *****************************************************************************
Configure the SSH service:
1- Check the configuration of the SSH service to be as follow:
ayman@ubuntu:~$ cat /etc/ssh/sshd_config | egrep "UsePAM|PasswordAuthentication|PasswordAuthentication" | grep -v "#" PasswordAuthentication no UsePAM yes PasswordAuthentication yes
2- Configure the /etc/pam.d/sshd
ayman@ubuntu:~$ cp /etc/pam.d/sshd /etc/pam.d/sshd.orig ayman@ubuntu:~$ vi /etc/pam.d/sshd # @include common-auth >> Hash this line auth required pam_securid.so # Add the following line
3- Restart SSH service
ayman@ubuntu:~$systemctl restart sshd
4- Follow the steps in the KB 000031069 to configure the challenged users
https://community.rsa.com/t5/rsa-securid-access-knowledge/enable-linux-password-authentication-along-with-rsa/ta-p/2145
Related Articles
How to obtain the version information for the RSA Authentication Agent for PAM installed on Linux Number of Views RSA SecurID Authentication Agent 8.1.3 for PAM Release Notes Number of Views How to Install and Configure the RSA PAM Agent on Solaris Operating System with RSA Authentication Manager. Number of Views Configuring RSA Authentication Agent 7.1 for PAM on SELinux Number of Views RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for Solaris (Chinese) Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes: Cloud Access Service and RSA Authenticators An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA Release Notes for RSA Authentication Manager 8.8
Don't see what you're looking for?
