[unisog] RSA SecurID with ESX

David Bronder david-bronder at uiowa.edu
Wed Apr 12 23:47:55 GMT 2006

Jenkins, Matthew wrote:
> Has anyone successfully gotten the SecurID Unix agent working with the
> ESX web login (vmware-authd)?  It seems to work fine with sshd; however,
> I can't seem to get it working with the ESX web console.  I also wasn't
> successful getting it working with local login.  It authenticates the
> user, however, the session immediately logs out after I attempt to login
> to the local console.  Thanks,

I'm not a SecurID user, but did you verify that your PAM configuration
is correct?

We use pam_krb5 on our ESX servers.  We updated /etc/pam.d/system-auth
to call pam_krb5.so in the appropriate places, then updated the PAM
config for sshd, vmware-authd, sudo, etc. to call pam_stack.so with
service=system-auth so we can keep our specific pam_krb5 settings in
one place.

The default /etc/pam.d/vmware-authd config lists the PAM modules to use
explicitly.  Make sure the SecurID PAM module is listed there for both
auth and account, or make sure it's in the system-auth config and
change vmware-authd to this:

  auth       required     /lib/security/pam_stack.so service=system-auth
  account    required     /lib/security/pam_stack.so service=system-auth

[ Another response mentioned issues with PAM, threading, and RHEL4.
  For reference, VMware ESX 2.x is based on Red Hat 7.2.  ESX 3.0 is
  going to be based on RHEL3. ]
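
Added example, not part of the original post: a shell check that each PAM service file reaches a given module for both auth and account, either directly or through pam_stack.so with service=system-auth as described above. The function names (pam_covers, pam_audit, write_sample) and the sample files are constructed for illustration; pam_krb5.so stands in for the SecurID module, whose file name the thread does not give.

```sh
# pam_covers FILE TYPE MODULE: print "direct" if FILE has a TYPE line naming
# MODULE, "stacked" if it delegates to system-auth via pam_stack.so; else fail.
pam_covers() {
    awk -v type="$2" -v mod="$3" '
        $1 ~ /^#/ || NF < 3 || $1 != type { next }
        {
            m = 3                          # module path is normally field 3
            if ($2 ~ /^\[/) {              # bracketed control can span fields
                m = 2; while (m <= NF && $m !~ /\]$/) m++
                m++
            }
            n = split($m, p, "/"); name = p[n]   # match on file name only
            if (name == mod) { print "direct"; ok = 1; exit }
            if (name == "pam_stack.so")
                for (i = m + 1; i <= NF; i++)
                    if ($i == "service=system-auth") { print "stacked"; ok = 1; exit }
        }
        END { exit !ok }
    ' "$1" 2>/dev/null
}
# pam_audit DIR MODULE SERVICE...: one line per service and type; returns 1 on any gap.
pam_audit() {
    dir=$1; mod=$2; shift 2; gaps=0
    for svc in "$@"; do
        for type in auth account; do
            how=$(pam_covers "$dir/$svc" "$type" "$mod") || how=MISSING
            # Delegation only helps if system-auth itself names the module.
            if [ "$how" = stacked ] &&
               [ "$(pam_covers "$dir/system-auth" "$type" "$mod")" != direct ]; then
                how=MISSING
            fi
            [ "$how" = MISSING ] && gaps=1
            echo "$svc $type $how"
        done
    done
    return $gaps
}
# write_sample DIR: constructed PAM files for the demo, not from a real ESX host.
write_sample() {
    printf '%s\n' 'auth sufficient /lib/security/pam_krb5.so' \
        'account required /lib/security/pam_krb5.so' > "$1/system-auth"
    printf '%s\n' 'auth required /lib/security/pam_stack.so service=system-auth' \
        'account required /lib/security/pam_stack.so service=system-auth' > "$1/vmware-authd"
    printf '%s\n' 'auth required /lib/security/pam_krb5.so' \
        'account required /lib/security/pam_unix.so' > "$1/sshd"
}
d=$(mktemp -d) && write_sample "$d" && {
    pam_audit "$d" pam_krb5.so vmware-authd sshd || echo "gap found"
    rm -rf "$d"
}
```

The check confirms only that the module is reachable for each type; it does not evaluate control flags or module ordering. On a real host the directory argument would be /etc/pam.d.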

