Log in to the RSA interface:
– Create the Apache server as an agent host of type web agent
– Generate the config file (zip file containing sdconf.rec) from RSA interface, and download to your local machine
Log in to the web server:
– Download the RSA web agent installation files from RSA website.
# mkdir -p /var/ace
– Copy and extract the downloaded config file (sdconf.rec)
# chmod 755 sdconf.rec
– Create the sdopts.rec file with the IP address of the machine if the server has multiple IP addresses assigned or if the RSA web agent is a virtual machine. Otherwise authentication might break with errors like the following:
“100: Access denied. The RSA ACE/Server rejected the Passcode. Please try again.” , “attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain””
# echo "CLIENT_IP=" > sdopts.rec
# chown -R webuser:webuser /var/ace
– Now install the RSA web agent
# tar xvf WebAgent_70_Apache_RHEL5_32_379_08201024.tar
# cd CD/
# chmod u+x install
# ./install
– Enter the location of sdconf.rec
– Configure the apache virtual host
It was found that the web agent breaks if Apache starts multiple server threads, so it is better to limit them.
<IfModule prefork.c>
StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
– Now start Apache and you will be able to access the RSA web interface.
Once authenticated, the RSA server will create a node secret for the agent host, which will be copied automatically to the web server.
This web interface is mainly useful for token users to reset or enable the token assigned to them.
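
An added example, not part of the original post: a pre-flight check for the /var/ace directory prepared in the steps above. It flags a missing sdconf.rec, an sdopts.rec whose CLIENT_IP is empty or malformed, and world-writable files. The function names are made up here, and the world-writable check is an added assumption about sensible permissions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the agent
# config directory. check_ace_dir and valid_ipv4 are names made up here.
# Usage: source this file, then run: check_ace_dir /var/ace

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print each problem found under $1 (default /var/ace); return 1 if any.
check_ace_dir() {
    dir=${1:-/var/ace}
    rc=0
    # sdconf.rec comes from the RSA server and must be present and non-empty.
    if [ ! -s "$dir/sdconf.rec" ]; then
        echo "missing or empty: $dir/sdconf.rec"; rc=1
    fi
    # If sdopts.rec exists it needs exactly one CLIENT_IP= line with an address.
    if [ -f "$dir/sdopts.rec" ]; then
        count=$(grep -c '^CLIENT_IP=' "$dir/sdopts.rec" || true)
        ip=$(sed -n 's/^CLIENT_IP=//p' "$dir/sdopts.rec" | head -n 1)
        if [ "$count" -ne 1 ]; then
            echo "expected one CLIENT_IP line in sdopts.rec, found $count"; rc=1
        elif ! valid_ipv4 "$ip"; then
            echo "CLIENT_IP is not a valid IPv4 address: '$ip'"; rc=1
        fi
    fi
    # Agent config files should not be writable by other local users.
    ww=$(find "$dir" -type f -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "world-writable: $ww"; rc=1
    fi
    return "$rc"
}
```

Running it before starting Apache catches an sdopts.rec that was written with an empty CLIENT_IP value.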
./arun