Bad Username/Password With RSA in PAM 4.1.5
search cancel

Bad Username/Password With RSA in PAM 4.1.5

book

Article ID: 275822

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM was upgraded to 4.1.5 and afterwards, RSA authentication stopped working. All that can be seen in the session logs is a bad username/password error.

RSA is configured for API authentication and the following documentation link was used to configure PAM for the new RSA authentication, but logins continue to fail.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-5/configuring-your-server/authenticate-users-logging-in-to-the-server/configure-the-product-for-rsa-securid.html 

Environment

Privileged Access Manager 4.1.5

Cause

The sdopts.rec file contained Windows style line endings rather than the Unix style line endings required by PAM.

Resolution

To confirm what type of line endings a file has, open it in Notepad++. The bottom of the screen will say what type of line endings the file has. The line endings can be shown by going to View > Show Symbol > Show End of Line.

For Windows style line endings:

For Unix style line endings:

To convert the line endings, right-click the box at the bottom of the windows and select Unix. Save the file and upload it to the PAM appliance, then delete the node secret. 

Powered by Wolken Software