VanDyke Software

VShell® Server

Try Before You Buy

Every release can be evaluated free of charge for 30 days.

Index

I need to configure VShell for UNIX to allow RSA SecurID authentication.

Before starting, you must first have the RSA ACE/Server software installed on the machine and working with standard tools (i.e., Telnet, Rlogin, FTP, and RSH).

To configure vshelld to allow RSA SecurID authentication, complete the following steps:

  1. Install the RSA ACE/Agent 5.0 for PAM in accordance with the steps in the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", which is available from RSA Security at the following web site:
    http://www.rsasecurity.com/go/pam.html
  2. Using the instructions found in the "Configuring the PAM Agent" section of the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", configuring the PAM agent and create a vshelld PAM section. The following paragraphs provide example modifications for a Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3:
    a. Copy the following file:
    /etc/pam.d/sshd
    to:
    /etc/pam.d/vshelld

    b. When following the configuration instructions, substitute "vshelld" for every instance of "sshd".

For example, to configure a vshelld installation that is running on Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3, you would perform the following tasks:

  1. Change to the /etc/pam.d directory.
  2. Open the vshelld file. The following text will be displayed:
    auth required /lib/security/pam_nologin.so
    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_rhosts_auth.so
    auth required /lib/security/pam_stack.so service=system-auth
    account required /lib/security/pam_stack.so service=system-auth
    password required /lib/security/pam_stack.so service=system-auth
    session required /lib/security/pam_stack.so service=system-auth
  3. Comment out the following line:
    auth required /lib/security/pam_stack.so service=system-auth
  4. Instruct vshelld to point to the PAM Agent module by typing the following line:
    auth required /lib/security/pam_securid.so

Notes

RSA documentation claims that only the following platforms are supported:

  • Solaris 8 and 9
  • Linux 7.3
  • Red Hat Enterprise Linux Advanced Server 3
  • Red Hat Enterprise Linux Enterprise Server 3

RSA documentation also claims that the ACE agent is only supported for OpenSSH version 3.7.1p2 if Red Hat Enterprise Linux Advanced Server 3 is the platform being used.

While VanDyke has only been able to verify this procedure on a few platforms, our experience indicates that it should work for all platforms supported by VShell.


Three Fast Ways to Learn More About VShell Server For Windows and UNIX

Tell me more. Email us your questions about putting VShell to work for your organization.

Try it today! Download a free 30-day evaluation copy of VShell for Windows or UNIX.

Talk to us. Let us help define the right VShell server solution for your company.