VShell Server - Allow SecureID

PRODUCTS > VSHELL > SOLUTIONS GUIDE > ALLOW SECUREID

I need to configure VShell for UNIX to allow RSA SecurID authentication.

Before starting, you must first have the RSA ACE/Server software installed on the machine and working with standard tools (i.e., Telnet, RLogin, FTP, and RSH).

To configure vshelld to allow RSA SecurID authentication, complete the following steps:

Install the RSA ACE/Agent 5.0 for PAM in accordance with the steps in the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", which is available from RSA Security at the following web site:
http://www.rsasecurity.com/go/pam.html
Using the instructions found in the "Configuring the PAM Agent" section of the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", configuring the PAM agent and create a vshelld PAM section. The following paragraphs provide example modifications for a Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3:

a. Copy the following file:

/etc/pam.d/sshd
to:
/etc/pam.d/vshelld

b. When following the configuration instructions, substitute "vshelld" for every instance of "sshd".

For example, to configure a vshelld installation that is running on Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3, you would perform the following tasks:

Change to the /etc/pam.d directory.

Open the vshelld file. The following text will be displayed:

auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_rhosts_auth.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth

Comment out the following line:

auth required /lib/security/pam_stack.so service=system-auth

Instruct vshelld to point to the PAM Agent module by typing the following line:

auth required /lib/security/pam_securid.so

Notes

RSA documentation claims that only the following platforms are supported:

Solaris 8 and 9
Linux 7.3
Red Hat Enterprise Linux Advanced Server 3
Red Hat Enterprise Linux Enterprise Server 3

RSA documentation also claims that the ACE agent is only supported for OpenSSH version 3.7.1p2 if Red Hat Enterprise Linux Advanced Server 3 is the platform being used.

While VanDyke has only been able to verify this procedure on a few platforms, our experience indicates that it should work for all platforms supported by VShell.

Return to Solutions page

Return to Top


	Products	Downloads	Purchase	Support	About Us
	VShell Server	VShell Server	Buy Direct	Evaluation	Contact
	SecureCRT	SecureCRT	License Pricing	Updates Policy	Press Releases
	SecureFX	SecureFX	About Encryption Export	FAQs	What's New
	VanDyke ClientPack	VanDyke ClientPack	Orders FAQ	Tips & How-Tos	Customer Stories
	Beta Software	Beta Software	Resellers	Forums	Secure Solutions
Site Map \| Legal Notices \| Privacy Policy \| Refund Policy VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners. Copyright © 1995 - VanDyke Software, Inc. All rights reserved.

About Encryption Export

Site Map | Legal Notices | Privacy Policy | Refund Policy

VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.