Configure IBM Security Authentication Service and RSA SecurID
Once you have installed and finished setting up your IBM Security product and the RSA SecurID authentication agent, you can configure settings so that user authentication can occur for locally defined UNIX users or for Active Directory users who have UNIX profiles in the appropriate zone. In addition, specific groups of Active Directory users can be prompted for password authentication or two factor authentication.
The installation process for each agent does not interfere with or touch any configuration file used by the other product. Follow the standard installation steps for each product.
You can install the products in either order. After the DirectControl agent is installed, you need to join the computer to a domain and place it in a DirectControl Zone.
You can configure the IBM Security Authentication Service and RSA SecurID to work together in either of two ways:
- Configure the PAM modules to work with the Authentication Service and RSA SecurID
- Configure SecurID for use with Verify Privilege Server Suite zone-based role and privilege execution
If you’re using an older version of authentication service or using a version that does not include multi-factor authentication (MFA) support, you can configure the PAM modules to work with authentication service and RSA SecurID. If you’ve configured role definitions or command rights to require MFA, you can rename a file and create a symlink to configure RSA SecurID to work with your authentication service deployment.