VanDyke Software

VShell® Server

Try Before You Buy

Every release can be evaluated free of charge for 60 days.

Download VShell Server
Got a question or comment?   Send us a question or comment

Index

I need to configure VShell for Linux or Mac to allow RSA SecurID authentication.

Before starting, you must first have the RSA ACE/Server software installed on the machine and working with standard tools (i.e., Telnet, Rlogin, FTP, and RSH).

To configure vshelld to allow RSA SecurID authentication, complete the following steps:

  1. Install the RSA ACE/Agent 5.0 for PAM in accordance with the steps in the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", which is available from RSA Security at the following web site:
    http://www.rsasecurity.com/go/pam.html
  2. Using the instructions found in the "Configuring the PAM Agent" section of the "RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide", configuring the PAM agent and create a vshelld PAM section. The following paragraphs provide example modifications for a Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3:
    a. Copy the following file:
    /etc/pam.d/sshd
    to:
    /etc/pam.d/vshelld

    b. When following the configuration instructions, substitute "vshelld" for every instance of "sshd".

For example, to configure a vshelld installation that is running on Red Hat Linux 7.3 or Red Hat Enterprise Linux Advanced Server 3, you would perform the following tasks:

  1. Change to the /etc/pam.d directory.
  2. Open the vshelld file. The following text will be displayed:
    auth required /lib/security/pam_nologin.so
    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_rhosts_auth.so
    auth required /lib/security/pam_stack.so service=system-auth
    account required /lib/security/pam_stack.so service=system-auth
    password required /lib/security/pam_stack.so service=system-auth
    session required /lib/security/pam_stack.so service=system-auth
  3. Comment out the following line:
    auth required /lib/security/pam_stack.so service=system-auth
  4. Instruct vshelld to point to the PAM Agent module by typing the following line:
    auth required /lib/security/pam_securid.so

Notes

RSA documentation claims that only the following platforms are supported:

  • Solaris 8 and 9
  • Linux 7.3
  • Red Hat Enterprise Linux Advanced Server 3
  • Red Hat Enterprise Linux Enterprise Server 3

RSA documentation also claims that the ACE agent is only supported for OpenSSH version 3.7.1p2 if Red Hat Enterprise Linux Advanced Server 3 is the platform being used.

While VanDyke has only been able to verify this procedure on a few platforms, our experience indicates that it should work for all platforms supported by VShell.

Three Fast Ways to Learn More About VShell Server For Windows, Linux, and Mac

Tell me more. Email us your questions about putting VShell to work for your organization.

Try it today! Download a free evaluation copy of VShell for Windows, Linux, or Mac.

Talk to us. Let us help define the right VShell server solution for your company.

Related Links

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.