When integrating PAM with RSA, validate the following:
- The PAM server needs to be added as an Authentication Agent:
  - RSA UI -> Access -> Authentication Agents -> Add New
  - The server name must match exactly the hostname shown in PAM UI -> Configuration -> Network -> Network Setting -> Hostname
- After defining the Authentication Agent, the RSA admin will “Generate a Configuration File”:
  - RSA UI -> Access -> Authentication Agents -> Generate a Configuration File (generates an sdconf.rec file)
- The PAM admin will need to manually create an sdopts.rec file
- Download the server certificate file from RSA:
  - RSA UI -> Access -> Authentication Agents -> Download Server Certificate File
- Upload the certificate into PAM:
  - PAM UI -> Configuration -> Security -> Certificates -> Upload -> CA Bundles -> Upload certificate here
Finally, in RSA, use the Real-time Activity Monitor to see if any requests are going to the RSA server:
- RSA UI -> Reporting -> Real-time Activity Monitors -> Authentication Activity Monitor -> Start Monitor (with Successful, Warning and Failure Events selected)