From the sudo-users mailing list, anybody seen this problem before?

It's been years since I've used the SecurID module with sudo directly.

Kevin


---------- Forwarded message ----------
From: Mike Nguyen <moozoo+sudo@...>
Date: Jul 26, 2006 4:48 PM
Subject: [sudo-users] Make fails when configured with --with-SecurID
and --with-pam
To: sudo-users@...

. . .

Additionally, I had alot of trouble getting the --with-SecurID option to
work and had to do a bit of mucking around, at least based on the provided
instructions in the README (Or maybe I was just tired).

If anyone needs to get it compiling (Using SecurID Version 5):

- Make sure to grab the ACEAgentSDK5032.zip file from RSA's site (Login
required).

- Once uncompressed, copy all the header files from the inc/ directory to a
location of your choice (say, /tmp/rsa/). There should be 8 files.

acclnt.h acexport.h sd_types.h sdacmvls.h sdi_athd.h sdi_defs.h
sdi_size.h sdi_type.h

- Also copy the library files from the platform of your choice, lib/sol/, to
this same directory (say, /tmp/rsa/) There should be 2 files.

libaceclnt.a libaceclnt.so

- Once that is done, a ./configure --with-SecurID=/tmp/rsa should work
accordingly, find all the files it needs, and also detect that the SecurID
version you're using is 5, and not any previous one.

- Near the end of the ./configure output, if you get:

checking for SD_Init in -laceclnt... yes

...then SecurID version 5 has been correctly detected.

-----

But, although the compile seems to work fine using --with-SecurID...

It still seems as though something isn't working properly.

As I try a:

# sudo -s

I get:

sudo: failed to initialise the ACE API library

And in /var/adm/messages, appears:

sudo[7091]: [ID 940004 user.error] ACEAGENT: The message entry does not
exist for Message ID: 1001

The VAR_ACE variable has been defined in /etc/profile and the username
trying to sudo has it defined.

Might this be because we are using RSA 5.2, and not 5.0?

-----

OS: Solaris 8
GCC: 3.3.2
Sudo: 1.6.8p12
RSA: 5.2

. . .