The acetest program included with the PAM agent reports the following error when installed on IBM AIX:
Unexpected error from ACE/Agent API
The real-time authentication activity monitor reports the following error when authentications are sent to an Authentication Manager server:
Node secret mismatch: cleared on agent but not on server
The RSA Authentication Agent for PAM for AIX are 32-bit binaries and the PAM agent has been installed onto a 64-bit IBM AIX server where another third-party product is using 64-bit binaries and acting as another authentication agent. The node secret was created by the third-party product and the PAM agent is unable to read the node secret.
The third-party product on the IBM AIX server and RSA Authentication Agent for PAM for IBM AIX must use different folders to store the SecurID configuration files. A conversion utility provided with the PAM agent called ns_conv_util can be used to convert the node secret file (securid) created by the third-party product which allows the PAM agent to read the converted node secret.
NOTE: The default location of the SecurID configuration files used by the PAM agent is /var/ace, but this can be changed by editing the /etc/sd_pam.conf file.