Installing and configuring authentication service and RSA SecurID
The installation process for each agent does not interfere with or touch any configuration file used by the other product. Follow the standard installation steps for each product.
You can install the products in either order. After you install the Centrify agent, you need to join the computer to Active Directory and place it in a DirectControl Zone.
To install and configure authentication service and RSA SecurID (an overview):
Install the DirectControl agent for *NIX.
For details, see the Centrify Authentication Service, Privilege Elevation Service, and Audit & Monitoring Service documentation.
Install and set up the RSA SecurID agent.
For details, see the RSA document, “RSA Authentication Agent 7.1 for PAM--Installation and Configuration Guide for RHEL.” The document is included in the agent download package.
Run the RSA acetest command to verify that the user login credentials work.
For details, see the RSA documentation.
If you have configured role definitions or command rights to require multi-factor authentication (MFA), you create a symlink to point to the RSA SecurID authentication file instead of the file for DirectControl. For details, see Configuring SecurID for use with Centrify zone-based role and privilege execution.
With MFA enabled for role definitions or command right definitions, you don’t have to manually configure each authentication module to use RSA SecurID.
- If you use Centrify Authentication Service but you don’t use role definitions or command right definitions configured for MFA:
Modify the PAM authentication files for Linux, Solaris, or AIX:
For Linux: Configure the /etc/pam.d/system-auth file:
For details, see Configuring the /etc/pam.d/system-auth file for Linux.
For Solaris and AIX: Configure the pam.conf file:
For details, see Configuring the pam.conf file for Solaris and AIX.
(Optional) Configure the system to use the SecurID for authentication for specific users or groups.
Tip: It may be a good idea to disable SecurID authentication for the root user, at least initially, so that you don’t get locked out of the computer entirely.
- (Optional, as needed) Configure SSH or other authentication services to use SecurID. For details on configuring SSH, see Configuring the pam.conf file for Solaris and AIX.