How to Set Up RSA SecurID Authentication Agent for PAM on Linux
10 steps to set up an EMC RSA auth manager server for one of our development projects. As a part of this I had to set up multiple RSA client machines which are protected by the RSA PAM agent. After googling I couldn't find many docs related to this (except the EMC doc, unfortunately a confusing one).
1) Download the pam_agent module from the EMC site
http://singapore.emc.com/security/rsa-securid/rsa-authentication-agents/pam-7-1.htm
ftp://ftp.rsasecurity.com/pub/agents/PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar
2) # tar -xf PAM-Agent_v7.1.0.149.01_14_13_00_07_15.tar
3) # mkdir /var/ace
4) # cd PAM-Agent_v7.1.0.149.01_14_13_00_07_15
5) # ./install_pam.sh
6) Copy the sdconf.rec file from the RSA authmgr server to “/var/ace” on the RSA client
# scp /usr/local/RSASecurity/RSAAuthenticationManager/radius/sdconf.rec root@rsaclient.com:/var/ace/
7) Create a file “sdopts.rec” with the rsaclient IP address or localhost
# cat /var/ace/sdopts.rec
CLIENT_IP=127.0.0.1
8) Make the following changes in sshd_config of the rsaclient
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePrivilegeSeparation no
9) Disable system-auth and enable the pam_securid module in /etc/pam.d/ssh as follows
#auth include system-auth
auth required pam_securid.so
10) Restart ssh
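
A way to confirm that steps 6 to 9 took effect before relying on the restarted ssh, as an added example that is not part of the original post or of the RSA agent. The function names and the sample files are constructed for this example, and every path is passed as an argument so the checks can be run against copies.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files from steps 6-9.
# Function names are this example's own; paths are arguments.

# Effective value of an sshd_config keyword: keywords are case-insensitive and
# the first occurrence wins. Include and Match are ignored here; `sshd -T`
# gives the authoritative view on a live host.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# UsePrivilegeSeparation is not checked: newer OpenSSH releases deprecate it.
check_sshd() {  # step 8: PAM on, plain passwords off, challenge-response on
    [ "$(sshd_value "$1" UsePAM)" = yes ] &&
    [ "$(sshd_value "$1" PasswordAuthentication)" = no ] &&
    [ "$(sshd_value "$1" ChallengeResponseAuthentication)" = yes ]
}

check_pam() {  # step 9: pam_securid.so required, system-auth include disabled
    awk '/^[ \t]*#/ { next }
         $1 == "auth" && $2 == "required" && $3 ~ /pam_securid\.so$/ { s = 1 }
         $1 == "auth" && $2 == "include" && $3 == "system-auth" { f = 1 }
         END { exit !(s && !f) }' "$1"
}

check_ace() {  # steps 6-7: non-empty sdconf.rec and a CLIENT_IP entry
    [ -s "$1/sdconf.rec" ] && grep -Eq '^CLIENT_IP=[^[:space:]]+' "$1/sdopts.rec"
}

audit() {  # $1 = ace dir, $2 = sshd_config, $3 = PAM service file
    rc=0
    check_ace "$1"  || { echo "FAIL: $1 lacks sdconf.rec or CLIENT_IP"; rc=1; }
    check_sshd "$2" || { echo "FAIL: $2 does not match step 8"; rc=1; }
    check_pam "$3"  || { echo "FAIL: $3 does not match step 9"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real host) for an offline run.
demo=$(mktemp -d)
printf 'placeholder\n' > "$demo/sdconf.rec"
printf 'CLIENT_IP=127.0.0.1\n' > "$demo/sdopts.rec"
printf 'usepam yes\nPasswordAuthentication no\nChallengeResponseAuthentication yes\n' > "$demo/sshd_config"
printf '#auth include system-auth\nauth required pam_securid.so\n' > "$demo/pam_ok"
# Failure mode: system-auth left active, so a "sufficient" module inside it
# can end the auth stack before pam_securid.so is consulted.
printf 'auth include system-auth\nauth required pam_securid.so\n' > "$demo/pam_bad"
audit "$demo" "$demo/sshd_config" "$demo/pam_ok" && echo "OK: matches steps 6-9"
audit "$demo" "$demo/sshd_config" "$demo/pam_bad" || echo "audit flagged pam_bad"
```

On the client itself the call would be `audit /var/ace /etc/ssh/sshd_config /etc/pam.d/ssh`, where the sshd_config location is an assumed default that the post does not state.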