Before you install UNAB, verify that the operating system supports one of the following SSH servers and the statements required to enable PAM configuration.
Note: The SSH configuration file location may vary depending on the specific customer installation.
SSH Server and PAM configuration for AIX
The SSH server configuration file is located in the following directory:
/etc/ssh/
To use OpenSSH 3.6 or lower, modify the following entry in /etc/ssh/sshd_config:
PAMAuthenticationViaKbdInt yes
To use OpenSSH 3.7 and above, modify the following entries in /etc/ssh/sshd_config:
ChallengeResponseAuthentication yes
UsePAM yes
Example: pam.conf entries for OpenSSH on AIX
The following example is a snippet from the pam.conf that contains the relevant entries to support OpenSSH server on AIX:
# Entries for OpenSSH
sshd auth optional /usr/lib/security/pam_seos.o
sshd auth optional /usr/lib/security/pam_aix
sshd auth sufficient /usr/lib/security/pam_uxauth.o
sshd auth required /usr/lib/security/pam_aix try_first_pass
sshd account sufficient /usr/lib/security/pam_uxauth.o
sshd account requisite /usr/lib/security/pam_uxauth.o
sshd account required pam_aix
sshd password sufficient /usr/lib/security/pam_seos.o
sshd password sufficient /usr/lib/security/pam_uxauth.o
sshd password required pam_aix
sshd session sufficient /usr/lib/security/pam_uxauth.o create_homedir
sshd session required pam_aix
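The following script is an added example, not part of the original page or of UNAB. It checks the OpenSSH 3.7 and above directives and the pam.conf entries described above without restarting sshd. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of UNAB.

# Print the effective value of a global sshd_config keyword: keywords are
# case-insensitive, the first occurrence wins, comments are skipped.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # conditional blocks are not global
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeed only if both OpenSSH 3.7+ directives from this page are "yes".
check_sshd_pam() {  # usage: check_sshd_pam FILE
    rc=0
    for kw in ChallengeResponseAuthentication UsePAM; do
        val=$(sshd_effective "$1" "$kw")
        [ "$val" = "yes" ] || { echo "FAIL: $kw=${val:-unset}" >&2; rc=1; }
    done
    return "$rc"
}

# Print the PAM module types for which SERVICE has no pam.conf entry that
# loads MODULE (pam.conf fields: service type control module-path options).
pam_missing_types() {  # usage: pam_missing_types FILE SERVICE MODULE
    awk -v svc="$2" -v mod="$3" '
        /^[ \t]*#/ { next }
        $1 == svc && index($4, mod) { seen[$2] = 1 }
        END {
            n = split("auth account password session", t, " ")
            for (i = 1; i <= n; i++)
                if (!(t[i] in seen)) out = out (out == "" ? "" : " ") t[i]
            print out
        }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
tmp=${TMPDIR:-/tmp}/unab-check.$$; mkdir -p "$tmp"; trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#UsePAM no' 'usepam yes' 'ChallengeResponseAuthentication yes' \
    > "$tmp/sshd_config"
printf '%s\n' '# Entries for OpenSSH' \
    'sshd auth sufficient /usr/lib/security/pam_uxauth.o' \
    'sshd account sufficient /usr/lib/security/pam_uxauth.o' \
    'sshd password sufficient /usr/lib/security/pam_uxauth.o' > "$tmp/pam.conf"
check_sshd_pam "$tmp/sshd_config" && echo "sshd_config: OK"
echo "pam_uxauth missing for: $(pam_missing_types "$tmp/pam.conf" sshd pam_uxauth)"
```

The constructed pam.conf deliberately omits the session entry, so the last line reports session as missing. Pass sshd2 or ssh-server-g3 as the service name to check the Tectia entries.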
The Tectia SSH Server 4.x configuration file sshd2_config is located in the following directory:
/etc/ssh2/
To use the Tectia SSH Server 4.x, modify the following entries in /etc/ssh2/sshd2_config:
AllowedAuthentications ,publickey,keyboard-interactive,password
AuthKbdint.Optional pam
Example: pam.conf entries for Tectia SSH Server 4.x on AIX:
The following example is a snippet from the pam.conf that contains the relevant entries to support Tectia SSH server 4.x on AIX:
# Entries for tectia (sshd2)
sshd2 auth optional /usr/lib/security/pam_seos.o
sshd2 auth optional /usr/lib/security/pam_aix
sshd2 auth sufficient /usr/lib/security/pam_uxauth.o
sshd2 auth required /usr/lib/security/pam_aix try_first_pass
sshd2 account sufficient /usr/lib/security/pam_uxauth.o
sshd2 account requisite /usr/lib/security/pam_uxauth.o
sshd2 account required pam_aix
sshd2 password sufficient /usr/lib/security/pam_seos.o
sshd2 password sufficient /usr/lib/security/pam_uxauth.o
sshd2 password required pam_aix
sshd2 session sufficient /usr/lib/security/pam_uxauth.o create_homedir
sshd2 session required pam_aix
The Tectia SSH Server 6.x configuration file ssh-server-config.xml is located in the following directory:
/etc/ssh2/
To use the Tectia SSH Server 6.x, modify the following in the /etc/ssh2/ssh-server-config.xml file:
<settings windows-logon-type="interactive" pam-account-checking-only="yes" />
….
<pluggable-authentication-modules service-name="ssh-server-g3" pam-calls-with-commands="no" />
….
<authentication name="authentication" action="allow">
  …
  <auth-publickey />
  <auth-password />
  <auth-keyboard-interactive>
    <submethod-pam />
  </auth-keyboard-interactive>
</authentication>
</authentication-methods>
Example: pam.conf entries for Tectia SSH Server 6.x on AIX:
The following example is a snippet from the pam.conf that contains the relevant entries to support Tectia SSH server 6.x on AIX:
# Entries for Tectia (Tectia 6.x)
ssh-server-g3 auth optional /usr/lib/security/pam_seos.o
ssh-server-g3 auth optional /usr/lib/security/pam_aix
ssh-server-g3 auth sufficient /usr/lib/security/pam_uxauth.o
ssh-server-g3 auth required /usr/lib/security/pam_aix try_first_pass
ssh-server-g3 account sufficient /usr/lib/security/pam_uxauth.o
ssh-server-g3 account requisite /usr/lib/security/pam_uxauth.o
ssh-server-g3 account required pam_aix
ssh-server-g3 password sufficient /usr/lib/security/pam_seos.o
ssh-server-g3 password sufficient /usr/lib/security/pam_uxauth.o
ssh-server-g3 password required pam_aix
ssh-server-g3 session sufficient /usr/lib/security/pam_uxauth.o create_homedir
ssh-server-g3 session required pam_aix
SSH Server and PAM configuration for Solaris
The SSH server configuration file sshd_config is located in one of the following directories:
/usr/local/etc/ssh/
/etc/ssh
To use OpenSSH 3.9 and above, modify the following in the sshd_config file:
ChallengeResponseAuthentication yes
UsePAM yes
UsePrivilegeSeparation no
To use SunSSH 1.1 and SunSSH 1.1.3, modify the following in the sshd_config file:
PAMAuthenticationViaKBDInt yes
To use SunSSH 1.1.1, modify the following in the sshd_config file:
ChallengeResponseAuthentication yes
UsePAM yes
SSH Server and PAM configuration for Linux
The Tectia SSH Server 6.x configuration file ssh-server-config.xml is located in the following directory:
/etc/ssh2/
Modify the following entries in the configuration file:
<settings windows-logon-type="interactive" pam-account-checking-only="yes" />
<auth-keyboard-interactive>
  <submethod-pam />
</auth-keyboard-interactive>
Modify the following in the /etc/pam.d/ssh-server-g3 file:
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Copyright © 2013 CA Technologies.
All rights reserved.