CA PAM is providing two-factor authentication with LDAP credentials and an RSA PIN and tokencode from RSA SecurID authenticator.
Test was done with PAM 3.0.2
There are three main parts to implement LDAP + RSA multi factor authentication for PAM server login. RSA server configuration for RSA user and LDAP configuration, and PAM side configuration.
Step 1. RSA server setting:
1. Add RSA user that will be used for PAM RSA login.
2. Assign Secure ID token to RSA user.
3. Install RSA securID software token and import Token to get Tockencode for login authentication.
4. Register PAM server a authentication agents on RSA server.
5. Download sdconf.rec from RSA server and import it into PAM.