Password authentication fails for unchallenged users on AIX after changing to SHA256 password hashing when RSA Authentication Agent for PAM is installed
Originally Published: 2020-05-27
Article Number
Applies To
RSA Product/Service Type: Authentication Agent for PAM
Platform: IBM AIX
Issue
Cause
Resolution
Workaround
- Make a backup of /etc/sd/pam.conf.
- Open /etc/sd/pam.conf in a text editor.
- Change the following two settings from 0 to 1:
PAM_IGNORE_SUPPORT_FOR_USERS=1 PAM_IGNORE_SUPPORT=1
- Make a backup of /etc/pam.conf.
- Open /etc/pam.conf in a text editor.
- Edit the authentication modules for your protected service. Using SSH as an example:
sshd auth required pam_securid.so not_set_pass sshd auth required pam_aixNow unchallenged users can log in with their password with the new hashing algorithm. However, challenged users have to log in using their RSA passcode followed by their AIX password.
Notes
strings pam_securid.so | grep "Agent"
Related Articles
Upgrading the Internal SecurID Authentication Manager 8.6 Certificates to SHA-256 Number of Views What are RSA Security's plans to support SHA-256 with KCA? Number of Views Upgrading the RSA Authentication Agent for Windows certificates to SHA-256 for offline authentication and agent auto-regis… Number of Views How to create a CA hierarchy where one subordinate CA uses SHA1 and another subordinate CA uses SHA2 while both sub CA's … Number of Views MFA Agent Test Authentication fails with error ServerConnectionFailed Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager Patch Updates Downloading RSA Authentication Manager license files or RSA Software token seed records How to manage RSA Authentication Manager console and virtual host certificates with keytool
Don't see what you're looking for?
