I need to configure VShell for UNIX to allow RSA SecurID authentication.
Before starting, you must first have the RSA ACE/Server software
installed on the machine and working with standard tools (i.e., Telnet, RLogin,
FTP, and RSH).
To configure vshelld to allow RSA SecurID authentication, complete the following steps:
- Install the RSA ACE/Agent 5.0 for PAM in accordance with the steps in the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", which is available from RSA Security at the following web site:
http://www.rsasecurity.com/go/pam.html
- Using the instructions found in the "Configuring the PAM Agent" section of the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", configure the PAM agent and create a vshelld PAM section. The following paragraphs provide example modifications for Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3:
a. Copy the following file:
/etc/pam.d/sshd
to:
/etc/pam.d/vshelld
b. When following the configuration instructions, substitute "vshelld" for every instance of "sshd".
For example, to configure a vshelld installation that is running on Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3, you would perform the following tasks:
- Change to the /etc/pam.d directory.
- Open the vshelld file. The following text will be displayed:
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_rhosts_auth.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
- Comment out the following line:
auth required /lib/security/pam_stack.so service=system-auth
- Instruct vshelld to point to the PAM Agent module by typing the following line:
auth required /lib/security/pam_securid.so
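The copy-and-edit steps above can be scripted and then checked, as in the following added example (not VanDyke or RSA code). The function names are hypothetical, and the file paths are arguments so the edit can be rehearsed on a scratch copy before touching /etc/pam.d.

```shell
# Added example: not VanDyke or RSA code. Function names are hypothetical.

# make_vshelld_pam SRC DST: write DST from SRC with the active
# "auth ... pam_stack.so service=system-auth" line commented out and the
# pam_securid.so line added in its place. Other lines are left unchanged.
make_vshelld_pam() {
    awk '
        $1 == "auth" && $3 ~ /pam_stack\.so$/ && $4 == "service=system-auth" {
            print "#" $0
            print "auth required /lib/security/pam_securid.so"
            next
        }
        { print }
    ' "$1" > "$2.new" && mv "$2.new" "$2"
}

# check_vshelld_pam FILE: succeed only if the auth stack has exactly one
# active pam_securid.so line and no active pam_stack.so line. Also reports
# any "sufficient" auth module listed before pam_securid.so, because PAM
# can accept the authentication as soon as such a module succeeds.
check_vshelld_pam() {
    awk '
        $1 != "auth" { next }
        $3 ~ /pam_securid\.so$/ { securid++ }
        $3 ~ /pam_stack\.so$/ { stack++ }
        $2 == "sufficient" && !securid { print "review: " $3 " precedes pam_securid.so" }
        END { exit !(securid == 1 && stack == 0) }
    ' "$1"
}

# Demo in a scratch directory, using the listing shown in the article.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd" <<'EOF'
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_rhosts_auth.so
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
EOF
    make_vshelld_pam "$d/sshd" "$d/vshelld" && check_vshelld_pam "$d/vshelld"
    rc=$?
    cat "$d/vshelld"; rm -rf "$d"
    return $rc
}
demo
```

On the article's listing the check passes and prints a review line for pam_rhosts_auth.so, which remains "sufficient" ahead of pam_securid.so after the edit.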
Notes
RSA documentation claims that only the following platforms are supported:
- Solaris 8 and 9
- Linux 7.3
- Red Hat Enterprise Linux Advanced Server 3
- Red Hat Enterprise Linux Enterprise Server 3
RSA documentation also claims that the ACE agent is only supported for OpenSSH version 3.7.1p2 if Red Hat Enterprise Linux Advanced Server 3 is the platform being used.
While VanDyke has only been able to verify this procedure on a few platforms, our experience indicates that it should work for all platforms supported by VShell.