RSA Authentication Manager on CentOS 5

Howto install RSA Authentication Manager on CentOS 5

RSA's SecurID product is handy! However, they currently only support the "server" portion of the product on RHEL3 or Suse Enterprise Linux version 9. These are eh.. quite old. After unsuccessfully attempting to install this on Debian Etch (Aceserver installed fine, largely following the steps here.. however the RADIUS server proved to be beyond my patience),, I tried to get it on CentOS 5. Below, are the steps taken to accomplish this task. This is NOT a RSA supported installation, and this howto assumes you have a pretty good understanding of administrating machines.

Prep the machine
Install the following packages via yum..

yum install libstdc++.so.5
yum install ncompress
yum install compat-libstdc++-296-2.96-138.i386

Add the following line to /etc/hosts (this is used for the RADIUS server - it will fail install w/o this line)

1.2.3.4          hostname hostname.example.com

Add the following lines to /etc/services..

## Start RSA Auth Mgr ##
securid         5500/udp
securidprop_00  5505/tcp
securidprop_01  5506/tcp
securidprop_02  5507/tcp
securidprop_03  5508/tcp
securidprop_04  5509/tcp
securidprop_05  5510/tcp
securidprop_06  5511/tcp
securidprop_07  5512/tcp
securidprop_08  5513/tcp
securidprop_09  5514/tcp
securidprop_10  5515/tcp
sdlog           5520/tcp
sdserv          5530/tcp
sdreport        5540/tcp
sdadmind        5550/tcp
sdlockmgr       5560/tcp
sdcommd         5570/tcp
sdoad           5580/tcp
## End RSA Auth Mgr ##

Optionally add a user I added the user 'rsa' and installed into /home/rsa. You can do what you like here, your call. Just remember that whenever I mention "/home/rsa" to substitute wherever you want it installed.

That's it! Done with the pre-install stuff. Now lets move on...

Getting the files ready/unpacked
Easy peasy. You will need the following files to complete a full install.

AuthMgr61LINUX.tar.gz # Get this from the download area @ RSA - this is the base software.
license.rec # the following files are the various license/key files for the RSA Auth Mgr - provided by RSA
sdti.cer
server.cer
server.key

Copy these files to your install directory, in my case I used /home/rsa/install then run...

cd /home/rsa/install
tar -xvzf AuthMgr61LINUX.tar.gz
cp license.rec sdti.cer server.cer server.key install/aceserv/linux

Files are in place. Great. Now we need to "fake out" the install script into thinking we're a supported OS (SuSE EL9). You do this by editing the following:

echo 'VERSION 1 9'  > /etc/SuSE-RELEASE

Alright.. ready to try this install!

./sdsetup -primary

Follow the prompts, they should be self-explanitory. If all goes well, this will complete w/o further incident. Yay! You are most of the way there.

RADIUS server installation
This is the hard part. And it sucks. Badly. Anyways, lets get to it.

cd /home/rsa/install/RADIUS/linux
./install_rsa.sh

THIS WILL FAIL! I installed to /opt, but you can do wherever. I suggest leaving as-is though, I have not tested a different prefix and this is fragile enough!
Now it's tricky.. We need to perform the following

cd /opt/rsa/radius
perl -pni -e 's#%INSTALL_DIR%#/opt/rsa/radius#g' * # edit this to fit your install path of course
vi install
:30 # goto line 30
comment out the following line, and add the one underneath it..
#flavor="%RADIUS_FLAVOR%"
flavor="rsa"
cd /home/rsa/install/RADIUS/linux
vim install_rsa.sh
:410 (go to line 410)
Comment out this line like so...
#rpm -i --prefix $install_prefix_dir $package_file
./install_rsa.sh

What are we doing there? Well, for whatever reason %INSTALL_DIR% is not being expanded in the "post install" scripts. So, we're manually replacing this variable w/ the install path, then re-running them. The reason we comment out the rpm -i line, is so that we do not blow away the changes to the files we just made!

Now we need to edit some stupidity with the Radius server.. I did not do a great job documenting this as I went, so it's from memory.

cd /opt/rsa/radius/btrieve
bin/config /opt/rsa/radius/btrieve
(stuffs should happen)

cd bin
vim .bash_profile
edit line 2, and comment it out like so...

#export PVSW_ROOT=.

now.. we need to add some stuff to ldconfig.

echo "/opt/rsa/radius" > /etc/ld.so.conf.d/rsa-radius.conf
ldconfig

Hopefully that's it! Now try starting the radius server via /etc/init.d/sbrd start

Uh.. so that's "it". Now you get to start all the services and such, yay! I leave that up to you :)