 |
Message Data
|
|
|
Reported
|
Settlement
|
Delivered
|
|
|
|
7.6.00.16 |
Delivered |
7.6.00.19 |
|
|
|
|
Created
|
Processed
|
Completed
|
Affected OS
|
|
|
2005-09-07 |
2005-09-21 |
2005-09-21 |
All / Unix |
|
|
|
Description
|
Top |
|
|
<![CDATA[PAM support for UNIX
since newer SuSE Linux does automatically uses PAM (Pluggable Authentication Modules) for system user authentication, it
is wanted to become 'PAM-aware'.
]]>
|
|
|
|
|
|
<![CDATA[The environment variable SDB_PAM_NOT_USED allows to restrict authentication to never use PAM.
If PAM support is wanted on all non LINUX UNIX platforms /etc/opt/sdb can be used to specify it using a line
PAM=sdb
while a line
PAM=NOT_USED
will suppress PAM usage on all platforms.
The default PAM service 'sdb' which can be overruled with environment variable SDB_PAM_SERVICE_NAME
On Linux PAM service sdb can be used to configure remote access to database. A sample sdb service configuration file is
#%PAM-1.0
#
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_unix2.so nullok
session required pam_unix2.so
To disable normal password checking on Linux the SDB_PAM_NOT_USED or the PAM=NOT_USED line in /etc/opt/sdb are needed.
The PAM service usage is not enabled on any other UNIX platform if the /etc/opt/sdb contains no entry due to very rare
found working PAM configuration...
]]>
|
|
| |
|
<![CDATA[Feature description:
PAM (pluggable authentication module) service can be used to configure remote access to database. Suggested service name
is 'sdb' but any service name other then '0','NOT_USED' and 'PAM_NOT_USED' can be added to /etc/opt/sdb as an entry.
Example entry
PAM=sdb
A sample sdb service configuration file (on Linux in /etc/pam.d/sdb) is
#%PAM-1.0
#
auth required pam_unix2.so nullok
account required pam_unix2.so
password required pam_unix2.so nullok
session required pam_unix2.so
if /etc/pam.conf is used, the corresponding configuration lines would be
sdb auth required pam_unix2.so nullok
sdb account required pam_unix2.so
sdb password required pam_unix2.so nullok
sdb session required pam_unix2.so
If pam.unix2.so is not available (Linux speciality) the module 'pam_unix.so' would be used instead.
If the environement variable 'SDB_PAM_NOT_USED' is defined the PAM authentication is not used.
This overrules even /etc/opt/sdb setting.
libpam is loaded dynamically. If the load succeeded the PAM authentication is used as default. If the load failed and
PAM was configured to be used the authentication fails. Otherwise the old authentication using the crypted password is
used.
]]>
|
|
| |
|
Id
|
Type
|
Description
|
|
| |
1137719 |
Change Request |
PAM support for UNIX
since newer SuSE Linux does automatically uses PAM (Plug... |
|
| |
1138393 |
Error |
PAM default behaviour for LINUX should be PAM not used
To keep 'compatibility... |
|
| |
|