For sshd_config, you should explicitly set the following parameter to Yes. Even though the parameter is defaulted to this value, it sometimes is not correctly set. Without this parameter, you will not receive prompts for events like New Pin, and so forth.
- Even though the user authenticates with their SecurID token, they may be prompted to reset their Active Directory password if it has expired in the domain. After the user logs in, they will be presented with the “Change Password” prompts from Active Directory.
When a user authenticates with a SecurID token, they are granted access to the UNIX machine, but they are not authenticated to the Active Directory Domain. As a result, they will not have Kerberos Credentials or single sign-on capability to other systems. After signing on, the user may type the following and then enter their Active Directory password to authenticate to Active Directory.