Installing, Upgrading, and Uninstalling the Agent

This documentation covers installing, upgrading and uninstalling the SafeNet Agent for Pluggable Authentication Module (PAM).

Installing the Agent

1. Unpack the package.

   RedHat Linux:

   rpm –i SafeNet_Agent_for_PAM_Linux-[your installation build no].rpm
   

   Ubuntu:

   dpkg -i SafeNet_Agent_for_PAM_Linux-[your installation build no]_amd64.deb
   

   By default, the installation package is installed at the following location:

   /usr/local/thales/pam/
   

2. Navigate to the installed directory (/usr/local/thales/pam):

   cd /usr/local/thales/pam/
   

3. Copy the SAS_PAMConf.ini file from the Config folder to /usr/local/ using the following command:

   cp config/SAS_PAMConf.ini /usr/local/
   

4. For the following options available in the sshd_config file (at /etc/ssh), perform the actions:

   Ensure that the PasswordAuthentication option is enabled

   PasswordAuthentication yes
   

   Enter the following to enable the ChallengeResponseAuthentication option:

   ChallengeResponseAuthentication yes
   

   Enter the following to enable the KbdInteractiveAuthentication option:

   KbdInteractiveAuthentication yes
   

   Note

   This setting is only applicable for Ubuntu 22.04.

   

5. Restart the sshd service using the following command:

   service sshd restart
   

6. SSH is denied by default because of selinux:

   Note

   By default, selinux is not available for Ubuntu, so the following edit is not required.

   To enable the SSH use the following commands:

   sudo audit2allow -a
   sudo setsebool nis_enabled=1
   

   To make the setting persist after reboot use the following command:

   sudo semanage boolean -m --on nis_enabled
   

Uninstalling the Agent

Perform the following steps to uninstall the old agent and install the latest version of the agent:

1. Disable the agent as described in Applying Multi-Factor Authentication.

2. Create a backup of the SAS_PAMConf.ini file and Agent.bsidkey files, to be used for configuring the new agent.

3. To uninstall the agent, run the following command:

   RedHat Linux: sudo rpm -e SafeNet_Agent_for_PAM_Linux

   Ubuntu: sudo apt-get remove safenet-agent-for-pam-linux

4. Install the latest version of the agent as described in Installing the Agent.

5. Configure the new agent with backup files SAS_PAMConf.ini file and Agent.bsidkey.

6. Apply Multi-Factor Authentication as described in Applying Multi-Factor Authentication on the new agent.

Upgrading the Agent

The upgrade from any earlier version is not supported in this release. To use the latest version, uninstall the old agent and install the new version of the agent.