Rocket MFA (IBM i Edition) Technical Specifications

Rocket MFA provides alternative authentication mechanisms for IBM i systems. Rocket MFA also provides authentication mechanisms for Red Hat Enterprise Linux Server, SUSE Linux Enterprise Server, and AIX systems that use pluggable authentication module (PAM) authentication.

Rocket MFA Server and GUI Requirement  

Component Package Version
Red Hat Exterprise Linux Server on Intel Distribution Version 8.1, or later
postgres database postgresql-server.x86_64 As included in distribution
openCryptoki opencryptoki.x86_64
opencryptoki-swtok.x86_64
As included in distribution
openssl openssl.x86_64 Version 1.1.1
libssh2 libssh2.x86_64 Version 1.9, or later

Required Rocket MFA Server Ports

Port Name Description When Needed
Server Authentication Port This is the port number on which the Rocket MFA web server listens

Always required

Mutual Authentication Port This is the port for client (mutual) authentication Required for PIV/CAC cards or other certificate types to authenticate. You do not otherwise need this port.

IBM i Version IBM i Configuration
7.2 and later
  • The IBM i system must allow ssh authentication
  • The password level of the system must allow the Rocket MFA-generated credential (CTC) to be used as the IBM i password. The QPWDLVL level effects the CTC style that is allowed
    • QPWDLVL levels 0 or 1 require an 8-digit CTC
    • A 16-digit CTC requires a minimum of QPWDLVL level 2
    • QPWDLVL level 3 is recommended for the best compatibility
  • Ensure that QPWDRULES does not include *ALLCRTCHG so that system password composition rules do not prevent the CTC from being used as a password. If QPWDRULES includes *ALLCRTCHG, it must be removed.

Rocket MFA PAM Clients

Component Requirement
rocketMFA.pam

Installed on every AIX system on which you want to use Rocket MFA for authentication.

The AIX operating system must be at the following versions:

  • AIX 6.1 with Technology Level 9 SP 8, or later
  • AIX 7.1 with Technology Level 5 SP 3, or later
  • AIX 7.2 with Technology Level 1 SP 1, or later

rmfa-pambase-1.1.0.0-latest.rhel8.x86_64.sh

rmfa-pamfallback-1.1.0.0- latest.rhel8.x86_64.sh

Installed on every Red Hat Enterprise Linux Server Intel system on which you want to use Rocket MFA for authentication.  

The Red Hat Enterprise Linux Server must be at the following versions: 

  • Red Hate Enterprise Linux Server 8.x, or later

rmfa-pambase-1.1.0.0- latest.rhel8.ppc64le.sh

rmfa-pamfallback-1.1.0.0- latest.rhel8.ppc64le.sh

Installed on every Red Hat Enterprise Linux Server on Power system on which you want to use Rocket MFA for authentication.  

The Red Hat Enterprise Linux Server must be at the following versions:

  • Red Hat Enterprise Linux Server 8.x, or later

rmfa-pambase-1.1.0.0- latest.sles15.ppc64le.sh

rmfa-pamfallback-1.1.0.0- latest.sles15.ppc64le.sh

Installed on every SUSE Linux Enterprise Server Power system on which you want to use Rocket MFA for authentication.  

The SUSE Linux Enterprise Server must be at the following versions:

  • SUSE Linux Enterprise Server 15. Other versions may not work but have not been tested.