Reflection for Secure IT supports the RSA Authentication Agent for PAM, which allows RSA SecurID tokens to be used when connecting to the server. The RSA Authentication Agent for PAM must be running on the same host as the Reflection for Secure IT server.
To configure the client
Enable keyboard-interactive authentication. (This is the default for all Reflection for Secure IT clients.)
To configure the server
Install the RSA Authentication Agent on the computer running the Reflection for Secure IT server.
Open the server configuration file (/etc/ssh2/sshd2_config) in a text editor.
Enable keyboard-interactive authentication and configure the server to use PAM for authentication and password management:
AllowedAuthentications=keyboard-interactive AuthKbdInt.Required=pam
To start the server
NOTE:You need to set the environment variables VAR_ACE and LD_LIBRARY_PATH before you start the Secure Shell server. Set VAR_ACE to the directory of the RSA Agent for PAM installation that contains the sdconf.rec file. Set LD_LIBRARY_PATH to the directory where the RSA/Server or RSA/Agent is installed.
To set the environment variables and start the server:
$ VAR_ACE=/opt/ace/data LD_LIBRARY_PATH=/opt/ace/prog /usr/sbin/sshd2
NOTE:To make the environment variable changes persist through a restart, you can modify the server startup script, or modify the root user's default profile.