Configure SecurID Authentication

Reflection for Secure IT supports the RSA Authentication Agent for PAM, which allows RSA SecurID tokens to be used when connecting to the server. The RSA Authentication Agent for PAM must be running on the same host as the Reflection for Secure IT server.

To configure the client

  • Enable keyboard-interactive authentication. (This is the default for all Reflection for Secure IT clients.)

To configure the server

  1. Install the RSA Authentication Agent on the computer running the Reflection for Secure IT server.
  2. Open the server configuration file (/etc/ssh2/sshd2_config) in a text editor.
  3. Enable keyboard-interactive authentication and configure the server to use PAM for authentication and password management:

    AllowedAuthentications=keyboard-interactive

    AuthKbdInt.Required=pam

To start the server

Note: You need to set the environment variables VAR_ACE and LD_LIBRARY_PATH before you start the Secure Shell server. Set VAR_ACE to the directory of the RSA Agent for PAM installation that contains the sdconf.rec file. Set LD_LIBRARY_PATH to the directory where the RSA/Server or RSA/Agent is installed.

  • To set the environment variables and start the server:

    $ VAR_ACE=/opt/ace/data LD_LIBRARY_PATH=/opt/ace/prog /usr/sbin/sshd2

    Note: To make the environment variable changes persist through a restart, you can modify the server startup script, or modify the root user's default profile.

Related Topics

Configure PAM Authentication

Pluggable Authentication Modules (PAM)