This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA Authentication Agent 7.1 for PAM for AIX acetest program fails to authenticate a username

Article Number

000034259

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for PAM
RSA Version/Condition: 7.1

Issue

The acetest program included with the PAM agent reports the following error when installed on IBM AIX:

Unexpected error from ACE/Agent API 

The real-time authentication activity monitor reports the following error when authentications are sent to an Authentication Manager server:

Node secret mismatch: cleared on agent but not on server

Cause

The RSA Authentication Agent for PAM for AIX are 32-bit binaries and the PAM agent has been installed onto a 64-bit IBM AIX server where another third-party product is using 64-bit binaries and acting as another authentication agent. The node secret was created by the third-party product and the PAM agent is unable to read the node secret.

Resolution

The third-party product on the IBM AIX server and RSA Authentication Agent for PAM for IBM AIX must use different folders to store the SecurID configuration files. A conversion utility provided with the PAM agent called ns_conv_util can be used to convert the node secret file (securid) created by the third-party product which allows the PAM agent to read the converted node secret.

NOTE: The default location of the SecurID configuration files used by the PAM agent is /var/ace, but this can be changed by editing the /etc/sd_pam.conf file.

For information on the usage of ns_conv_util, please refer to pages 18 and 19 of the RSA Authentication Agent 7.1 for PAM Installation and Configuration Guide for AIX.

Notes

The SecurID configuration files are:
  • The sdconf.rec (configuration record generated from the Security Console),
  • The securid (node secret) normally created during the first authentication attempt from the agent to the Authentication Manager server(s),
  • The sdstatus.12 created by the PAM agent that lists servers in the deplyment and which are responding fastest, and
  • The sdopts.rec which allows for an IP address to be specified that is used to communicate with the Authentication Manager deployment server(s).
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 05:57 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.