rsa_securid_auth_agent_for_pam

This module configures the RSA SecurID Authentication Agent for PAM.

Evans Tucker

evanstucker

11,276 downloads

8,173 latest version

4.6 quality score

Version information

  • 0.1.15 (latest)
  • 0.1.14
  • 0.1.13
  • 0.1.12
  • 0.1.11
  • 0.1.10
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Aug 28th 2017
This version is compatible with:
  • RedHat

Start using this module

Documentation

evanstucker/rsa_securid_auth_agent_for_pam — version 0.1.15 Aug 28th 2017

rsa_securid_auth_agent_for_pam

Table of Contents

  1. Description
  2. Usage - Configuration options and additional functionality
  3. Reference - An under-the-hood peek at what the module is doing and how
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

Trying to puppetize proprietary products is a terrible and thankless task - particularly ones with interative install scripts... Regardless, I was disappointed that no Puppet module existed to configure RSA Authentication Agent for PAM, so I present you with this pitiful module. This is basically just a puppetization of the instructions found here:

https://community.rsa.com/docs/DOC-39959

Usage

  1. Open up the appropriate ports in your firewalls and/or security groups. I had to open 5500 UDP and 5550 TCP.

  2. Download the agent, PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar, from here:

    https://community.rsa.com/docs/DOC-61994

  3. Create an sdconf.rec file on your RSA server.

  4. Create a class named "profile::rsa_securid_auth_agent_for_pam" in your Puppet repo with content like this:

class profile::rsa_securid_auth_agent_for_pam {
  include ::rsa_securid_auth_agent_for_pam
  include ::rsa_securid_auth_agent_for_pam::sshd
  # Optional service declaration for sshd if you don't have one elsewhere.
  #service { 'sshd':
  #  ensure => running,
  #}
  file { '/var/ace/sdconf.rec':
    mode   => '0600',
    source => "puppet:///modules/${module_name}/rsa_securid_auth_agent_for_pam/sdconf.rec",
  }
  file { '/opt/PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar':
    source => "puppet:///modules/${module_name}/rsa_securid_auth_agent_for_pam/PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar",
  }
}
  1. Copy sdconf.rec and PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar to modules/profile/files/rsa_securid_auth_agent_for_pam/

  2. Did you remember to open up your firewall ports?

Reference

Here, include a complete list of your module's classes, types, providers, facts, along with the parameters for each. Users refer to this section (thus the name "Reference") to find specific details; most users don't read it per se.

###rsa_securid_auth_agent_for_pam

No parameters.

###rsa_securid_auth_agent_for_pam::sshd

No parameters. Note that this class requires that you are defining Service['sshd'] in your local Puppet code.

Limitations

This module is currently only designed to work on RHEL 7, it has only been tested with Puppet 4, and it only works with PAM-Agent_v7.1.0.1.16.05_06_13_02_04_01.tar.

Development

Please help! Make this module less terrible. Make it work with other operating systems. Contact RSA and ask them to stop hiding their download behind an account wall so I can change the source to "http://".