Configure SecurID Authentication

Reflection for Secure IT UNIX Client and Server supports the RSA Authentication Agent for PAM, which allows RSA SecurID tokens to be used when connecting to the server. The RSA Authentication Agent for PAM must be running on the same host as the Reflection for Secure IT UNIX Client and Server server.

• Enable keyboard-interactive authentication. (This is the default for all Reflection for Secure IT UNIX Client and Server clients.)

To configure the server

1. Install the RSA Authentication Agent on the computer running the Reflection for Secure IT UNIX Client and Server server.

2. Open the server configuration file (/opt/microfocus/rsit/etc/sshd2_config) in a text editor.

3. Enable keyboard-interactive authentication and configure the server to use PAM for authentication and password management:

   AllowedAuthentications=keyboard-interactive
   AuthKbdInt.Required=pam
   

To start the server

Note

You need to set the environment variables VAR_ACE and LD_LIBRARY_PATH before you start the Secure Shell server. Set VAR_ACE to the directory of the RSA Agent for PAM installation that contains the sdconf.rec file. Set LD_LIBRARY_PATH to the directory where the RSA/Server or RSA/Agent is installed.

• To set the environment variables and start the server:

  VAR_ACE=/opt/ace/data LD_LIBRARY_PATH=/opt/ace/prog /opt/microfocus/rsit/sbin/sshd2
  

Note

To make the environment variable changes persist through a restart, you can modify the server startup script, or modify the root user's default profile.

---

More information

• Configure PAM Authentication

• Pluggable Authentication Modules (PAM)