I am integrating Red Hat 8.x workstations and servers into my AD Domain environment. I am using Centrify as the solution for RHEL to AD integration to provide centralized password authentication. Now I am adding RSA on top of this. I have the RSA system working correctly with Centrify and RHEL. However, I no longer log in locally as root. I can log in as a domain user with my RSA passcode, open a prompt and su to root. I am not aware of any local security settings that prohibit local root login in my environment.
What steps must be taken to allow local root login?
Are you using the PAM 8.1 Agent for RHEL? Check out the install/config guide: RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for Oracle and RHEL -- in particular the section in Chapter 2 titled "Enable Selective SecurID Authentication". That should get you what you need.