Configuring the pam.conf file for Solaris and AIX

For Solaris and AIX computers, you need to edit the /etc/pam.conf file.

To configure the Solaris or AIX system authentication file so that users are prompted for the RSA token:

In the /etc/pam.conf file, add the following code snippet to the end of the file:

# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
sshd-kbdint auth required pam_securid.so
sshd-kbdint auth sufficient pam_centrifydc.so unix_cred
sshd-kbdint auth requisite pam_centrifydc.so deny sshd-kbdint account sufficient pam_centrifydc.so unix_cred sshd-kbdint account requisite pam_centrifydc.so deny
sshd-kbdint session required pam_centrifydc.so
sshd-kbdint password sufficient pam_centrifydc.so ry_first_pass
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth required pam_unix_cred.so.1
sshd-kbdint auth required pam_unix_auth.so.1
sshd-kbdint account requisite pam_roles.so.1
sshd-kbdint account required pam_unix_account.so.1
sshd-kbdint session required pam_unix_session.so.1
sshd-kbdint password required pam_dhkeys.so.1
sshd-kbdint password requisite pam_authtok_get.so.1
sshd-kbdint password requisite pam_authtok_check.so.1
sshd-kbdint password required pam_authtok_store.so.1

You should restart any services that you plan to use with RSA. For example, if you’re using SSH, you should restart the SSH service.