By default, AIX uses the Loadable Authentication Module (LAM) for identification and authentication purposes. To enable UNAB to authenticate users accessing the system, you must configure AIX to use PAM. Configure the AIX system to use PAM before you customize and install UNAB.
Note: You can enable PAM on AIX versions 5.3 and above.
Example: Configuring AIX to use PAM
The following example shows how to configure AIX version 5.3 and above to use PAM, which UNAB uses for authentication.
AIX does not provide a default /etc/pam.conf file.
    #
    # Authentication
    #
    ftp     auth    required    /usr/lib/security/pam_aix
    imap    auth    required    /usr/lib/security/pam_aix
    login   auth    required    /usr/lib/security/pam_aix
    rexec   auth    required    /usr/lib/security/pam_aix
    rlogin  auth    required    /usr/lib/security/pam_aix
    snapp   auth    required    /usr/lib/security/pam_aix
    su      auth    required    /usr/lib/security/pam_aix
    telnet  auth    required    /usr/lib/security/pam_aix
    OTHER   auth    required    /usr/lib/security/pam_aix
    #
    # Account Management
    #
    ftp     account required    /usr/lib/security/pam_aix
    login   account required    /usr/lib/security/pam_aix
    rexec   account required    /usr/lib/security/pam_aix
    rlogin  account required    /usr/lib/security/pam_aix
    rsh     account required    /usr/lib/security/pam_aix
    su      account required    /usr/lib/security/pam_aix
    telnet  account required    /usr/lib/security/pam_aix
    OTHER   account required    /usr/lib/security/pam_aix
    #
    # Password Management
    #
    login   password required   /usr/lib/security/pam_aix
    rlogin  password required   /usr/lib/security/pam_aix
    su      password required   /usr/lib/security/pam_aix
    telnet  password required   /usr/lib/security/pam_aix
    OTHER   password required   /usr/lib/security/pam_aix
    #
    # Session Management
    #
    ftp     session required    /usr/lib/security/pam_aix
    imap    session required    /usr/lib/security/pam_aix
    login   session required    /usr/lib/security/pam_aix
    rexec   session required    /usr/lib/security/pam_aix
    rlogin  session required    /usr/lib/security/pam_aix
    rsh     session required    /usr/lib/security/pam_aix
    snapp   session required    /usr/lib/security/pam_aix
    su      session required    /usr/lib/security/pam_aix
    telnet  session required    /usr/lib/security/pam_aix
    OTHER   session required    /usr/lib/security/pam_aix
    PAM:
        program = /usr/lib/security/PAM

    PAMfiles:
        options = auth=PAM,db=BUILTIN
For example:
chsec -f /etc/security/login.cfg -s usw -a auth_type=PAM_AUTH
UsePAM yes
Note: Verify that you use a version of OpenSSH that supports PAM (version 3.9p1 and above). To verify the version, use the following command:
lslpp -i openssh.base.server
    sshd    auth     required   /usr/lib/security/pam_aix
    OTHER   auth     required   /usr/lib/security/pam_aix
    sshd    account  required   /usr/lib/security/pam_aix
    OTHER   account  required   /usr/lib/security/pam_aix
    sshd    password required   /usr/lib/security/pam_aix
    OTHER   password required   /usr/lib/security/pam_aix
    sshd    session  required   /usr/lib/security/pam_aix
    OTHER   session  required   /usr/lib/security/pam_aix
AIX is configured to use PAM for authentication purposes. You can now customize the AIX native package and install UNAB.
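Before relying on the new /etc/pam.conf, it is worth checking that every module type still has its OTHER fallback, because several services in the file above (rsh for auth and password, for example) have no entry of their own and depend on it. The following is an added example, not part of the CA documentation; the function name pam_conf_gaps, its output labels and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, output labels
# and the sample entries are constructed for illustration.

# pam_conf_gaps FILE SERVICE...   (FILE may be "-" to read standard input)
# For each PAM module type, prints:
#   MISSING-FALLBACK <type>      no OTHER entry exists for that type
#   USES-OTHER <service> <type>  service has no own entry; OTHER applies
#   NO-STACK <service> <type>    service has no own entry and no OTHER exists
# Exit status is 1 if any module type lacks an OTHER entry, otherwise 0.
pam_conf_gaps() {
    conf=$1; shift
    awk -v services="$*" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments, blank or short lines
        { name = (toupper($1) == "OTHER") ? "OTHER" : $1; seen[name, $2] = 1 }
        END {
            n = split(services, svc, " ")
            t = split("auth account password session", types, " ")
            for (i = 1; i <= t; i++) {
                fallback = (("OTHER", types[i]) in seen)
                if (!fallback) { print "MISSING-FALLBACK " types[i]; rc = 1 }
                for (j = 1; j <= n; j++) {
                    if ((svc[j], types[i]) in seen) continue
                    label = fallback ? "USES-OTHER" : "NO-STACK"
                    print label, svc[j], types[i]
                }
            }
            exit rc + 0
        }' "$conf"
}

# Constructed sample: a subset of the entries shown above, with the
# "OTHER password" line deliberately left out to show the failure case.
sample_conf() {
    cat <<'EOF'
# constructed sample
sshd  auth     required /usr/lib/security/pam_aix
OTHER auth     required /usr/lib/security/pam_aix
sshd  account  required /usr/lib/security/pam_aix
rsh   account  required /usr/lib/security/pam_aix
OTHER account  required /usr/lib/security/pam_aix
sshd  password required /usr/lib/security/pam_aix
sshd  session  required /usr/lib/security/pam_aix
rsh   session  required /usr/lib/security/pam_aix
OTHER session  required /usr/lib/security/pam_aix
EOF
}

sample_conf | pam_conf_gaps - sshd rsh ||
    echo "at least one module type has no OTHER fallback"
```

On a configured system, run it as `pam_conf_gaps /etc/pam.conf sshd login su telnet` and keep a root session open until it reports no MISSING-FALLBACK or NO-STACK lines.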
Copyright © 2013 CA Technologies.
All rights reserved.