Howto install RSA Authentication Manager on CentOS 5
RSA's SecurID product is handy! However, they currently only support the "server" portion of the product on RHEL3 or Suse Enterprise Linux version 9. These are eh.. quite old. After unsuccessfully attempting to install this on Debian Etch (Aceserver installed fine, largely following the steps here.. however the RADIUS server proved to be beyond my patience),, I tried to get it on CentOS 5. Below, are the steps taken to accomplish this task. This is NOT a RSA supported installation, and this howto assumes you have a pretty good understanding of administrating machines.
Prep the machine
Install the following packages via yum..
yum install libstdc++.so.5
yum install ncompress
yum install compat-libstdc++-296-2.96-138.i386
Add the following line to /etc/hosts (this is used for the RADIUS server - it will fail install w/o this line)
188.8.131.52 hostname hostname.example.com
Add the following lines to /etc/services..
## Start RSA Auth Mgr ##
## End RSA Auth Mgr ##
Optionally add a user
I added the user 'rsa' and installed into /home/rsa. You can do what you like here, your call. Just remember that whenever I mention "/home/rsa" to substitute wherever you want it installed.
That's it! Done with the pre-install stuff. Now lets move on...
Getting the files ready/unpacked
Easy peasy. You will need the following files to complete a full install.
AuthMgr61LINUX.tar.gz # Get this from the download area @ RSA - this is the base software.
license.rec # the following files are the various license/key files for the RSA Auth Mgr - provided by RSA
Copy these files to your install directory, in my case I used /home/rsa/install then run...
tar -xvzf AuthMgr61LINUX.tar.gz
cp license.rec sdti.cer server.cer server.key install/aceserv/linux
Files are in place. Great. Now we need to "fake out" the install script into thinking we're a supported OS (SuSE EL9). You do this by editing the following:
echo 'VERSION 1 9' > /etc/SuSE-RELEASE
Alright.. ready to try this install!
Follow the prompts, they should be self-explanitory. If all goes well, this will complete w/o further incident. Yay! You are most of the way there.
RADIUS server installation
This is the hard part. And it sucks. Badly. Anyways, lets get to it.
THIS WILL FAIL! I installed to /opt, but you can do wherever. I suggest leaving as-is though, I have not tested a different prefix and this is fragile enough!
Now it's tricky.. We need to perform the following
perl -pni -e 's#%INSTALL_DIR%#/opt/rsa/radius#g' * # edit this to fit your install path of course
:30 # goto line 30
comment out the following line, and add the one underneath it..
:410 (go to line 410)
Comment out this line like so...
#rpm -i --prefix $install_prefix_dir $package_file
What are we doing there? Well, for whatever reason %INSTALL_DIR% is not being expanded in the "post install" scripts. So, we're manually replacing this variable w/ the install path, then re-running them. The reason we comment out the rpm -i line, is so that we do not blow away the changes to the files we just made!
Now we need to edit some stupidity with the Radius server.. I did not do a great job documenting this as I went, so it's from memory.
(stuffs should happen)
edit line 2, and comment it out like so...
now.. we need to add some stuff to ldconfig.
echo "/opt/rsa/radius" > /etc/ld.so.conf.d/rsa-radius.conf
Hopefully that's it! Now try starting the radius server via /etc/init.d/sbrd start
Uh.. so that's "it". Now you get to start all the services and such, yay! I leave that up to you :)