Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
back

SafeNet Agent for Pluggable Authentication Module

Installing, Upgrading, and Uninstalling the Agent

search

Please Note:

printsuggest an edit

Installing, Upgrading, and Uninstalling the Agent

This documentation covers installing, upgrading, and uninstalling the SafeNet Agent for Pluggable Authentication Module (PAM).

copy link to clipboardInstalling the Agent

Perform the following steps to install the agent:

  1. Perform the following steps for different versions of RHEL:

    RHEL 8.10 (or earlier)

    As a prerequisite, you must install OpenSSL 3.2.2.

    For the following options available in the sshd_config file (at /etc/ssh), perform the following actions:

    • Ensure that the PasswordAuthentication option is enabled.

      PasswordAuthentication yes

    • Enter the following to enable the ChallengeResponseAuthentication option:

      ChallengeResponseAuthentication yes

    • Enter the following to enable the KbdInteractiveAuthentication option:

      KbdInteractiveAuthentication yes

    note

    Note

    This setting is only applicable for Ubuntu 22.04.

    alt_text

    RHEL 9.4

    Perform the following steps:

    a. Modify SSH Configuration:
    Comment out the ChallengeResponseAuthentication line in the sshd_config file.
    Location: /etc/ssh/sshd_config

    b. In the 50-redhat.conf file, set ChallengeResponseAuthentication to yes.
    Location: /etc/ssh/sshd_config.d/

    c. Set GSSAPIAuthentication to no.

    alt_text

  2. Run the following command:

    • RedHat Linux:

      rpm –i SafeNet_Agent_for_PAM_Linux-[your installation build no].rpm

    • Ubuntu:

      dpkg -i SafeNet_Agent_for_PAM_Linux-[your installation build no]_amd64.deb

    By default, the installation package is installed at the following location:

    /usr/local/thales/pam/

  3. Navigate to the installed directory (/usr/local/thales/pam):

    cd /usr/local/thales/pam/

  4. Copy the SAS_PAMConf.ini file from the Config folder to /usr/local/ using the following command:

    cp config/SAS_PAMConf.ini /usr/local/

  5. Restart the sshd service using the following command:

    service sshd restart

  6. SSH is denied by default because of selinux:

    note

    Note

    By default, selinux is not available for Ubuntu, so the following edit is not required.

    • To enable the SSH, use the following commands:

      sudo audit2allow -a

      sudo setsebool nis_enabled=1

    • To make the setting persist after reboot, use the following command:

      sudo semanage boolean -m --on nis_enabled

copy link to clipboardUpgrading the Agent

The upgrade from any earlier version is not supported in this release. To use the latest version, uninstall the old agent and install the new version of the agent.

copy link to clipboardUninstalling the Agent

Perform the following steps to uninstall the old agent and install the latest version of the agent:

  1. Disable the agent as described in Applying Multi-Factor Authentication.

  2. Create a backup of the SAS_PAMConf.ini file and Agent.bsidkey files, to be used for configuring the new agent.

  3. To uninstall the agent, run the following command:

    RedHat Linux: sudo rpm -e SafeNet_Agent_for_PAM_Linux

    Ubuntu: sudo apt-get remove safenet-agent-for-pam-linux

  4. Install the latest version of the agent as described in Installing the Agent.

  5. Configure the new agent with backup files SAS_PAMConf.ini file and Agent.bsidkey.

  6. Apply Multi-Factor Authentication (MFA) as described in Applying Multi-Factor Authentication on the new agent.

On this page