Old 06-11-2012, 11:40 AM   #1
Registered: Jan 2006
Location: USA
Posts: 564

Rep: Reputation: 61
RSA SecurID Config Q

rhel 5.x

So, getting the RSA agent crud installed onto RHEL, and configuring the PAM stack to use it, is easy, but does each SecurID user need a local account (using useradd) before they can get a shell via SSH?
Old 06-11-2012, 02:03 PM   #2
LQ Newbie
Registered: Mar 2008
Posts: 18

Rep: Reputation: 0
Yes, unless the RSA agent has the capability to handle the account requests (not the case, I believe). Or you can use ldap.

As a side note, I would recommend against using the proprietary RSA .so. Instead, use pam-radius or pam-ldap. Pam-radius should be just as easy to set up and configure, and you get the added benefit of being able to switch two-factor authentication providers without having to make any changes on your hosts. Here is a doc on how to do it: (written for our 2FA solution, but just ignore our bits).

The other benefit is including your directory in the authentication process for authorization. If you use radius, you can send the transaction to AD or LDAP via the MS radius plugin NPS and Freeradius, respectively. This configuration means that any user that is disabled in the directory can no longer log in remotely either. You don't want to have to disable users in two places. Also, directory admins would not also need to be admins on your 2FA server.


Old 06-11-2012, 03:28 PM   #3
Registered: Jan 2006
Location: USA
Posts: 564

Original Poster
Rep: Reputation: 61
Yeah, well, unfortunately this RSA solution is provided as a managed security service and the service does not have the ability to tie back into the customer's AD. It's something I wanted but simply can't have.

So, on each nix box a UID is created for the user and then "passwd -l uid"?

Is there a way to give SSH authenticated users (auth via RSA) a shell w/o having to create a full local account on each system? The idea is to keep local accounts to a minimum, etc.
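
Added example (not part of the thread, and not RSA's or Red Hat's tooling): a Python check for the setup discussed in posts #2 and #3, where each SecurID user has a local account whose password is locked with `passwd -l`. It reads passwd/shadow-format text and reports, per token user, whether the account exists and whether a static local password is still usable; the user names and file contents are constructed, and it assumes accounts live in flat files rather than LDAP.

```python
# Added example: audit token-only (SecurID) users; all sample data is constructed.
SAMPLE_PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/sbin/nologin
"""
SAMPLE_SHADOW = """\
alice:!!:15500:0:99999:7:::
bob:$6$constructedsalt$constructedhash:15500:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:15500:0:99999:7:::
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_colon_file(text):
    """Map login name -> list of colon-separated fields (passwd(5)/shadow(5))."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            entries[fields[0]] = fields
    return entries

def audit(token_users, passwd_text, shadow_text):
    """Return {user: [findings]} for each user expected to log in by token."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    report = {}
    for user in token_users:
        if user not in passwd:
            # sshd cannot resolve the name, so no shell even with a valid token
            report[user] = ["no-local-account"]
            continue
        findings = []
        if len(passwd[user]) > 6 and passwd[user][6] in NOLOGIN_SHELLS:
            findings.append("no-login-shell")
        entry = shadow.get(user)
        if entry is None or len(entry) < 2:
            findings.append("no-shadow-entry")
        elif entry[1] == "":
            findings.append("empty-password")    # no password required at all
        elif entry[1][0] in "!*":
            findings.append("password-locked")   # leading "!" is what passwd -l sets
        else:
            findings.append("password-usable")   # static password still set
        report[user] = findings
    return report

if __name__ == "__main__":
    print(audit(["alice", "bob", "carol", "dave"], SAMPLE_PASSWD, SAMPLE_SHADOW))
```

On a real host, pass in the contents of /etc/passwd and /etc/shadow; reading the latter requires root.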


All times are GMT -5.
