Engineering figured out what happened with RSA during the upgrade. After the upgrade, the sdconf.rec file is missing and the sdopts.rec field is populated. At first I thought the file was swapped with sdopts.rec. That seems not to be the case. Engineering provided these manual steps post-upgrade that worked for them. It worked for me as well, on a system on which I'd configured RSA authentication. I am about to try the same with LDAP+RSA configured. IN the meantime, please take a look at the steps below.
1.Do not remove opts config file.
2.Import sdconf.rec file again.
3.Make sure that the hostname in PAM matches the hostname in the RSA server. With the hostname changed on one of my test systems, to the IP address, RSA started working.
If these steps do not resolve the problem for you, please open a support ticket. Be prepared to answer the following questions:
What is the current state of the RSA configuration on the system you upgraded?
Which of the .rec files are populated? If the sdopts.rec was not being use previously, and you cleared it on 3.0.x, we can recreate /var/ace/sdopts.rec with a touch command, in an ssh debug session to PAM. If you were using it prior to the upgrade, and it is currently cleared, you can reload the file, via the GUI.