The following steps describe how to configure CA Top Secret for use with the PAM Server.
All of the Linux nodes must be defined in the CA Top Secret Security database as NDT node elements. Use the following syntax for each node:
TSS ADD|REM|REP(NDT) LINUXNODE(node_name) [IPADDR(ip_address) FACILITY(facility_name) ACTIVE(YES|NO)]
Note: The use of ADD, REM, or REP is required.
LINUXNODE(node_name)
Specifies the Linux system name. The maximum length is 246 mixed case characters.
IPADDR(ip_address)
Specifies the IP address for the Linux system. This is treated as a prefix.
FACILITY(facility_name)
Specifies the facility name to use for the system entry validation.
ACTIVE(YES|NO)
Indicates whether the node is active and whether to perform system validation.
YES—Node is active and system validation is performed.
NO—Node is inactive and no system validation is performed. This is the default.
To see all defined Linux nodes, enter:
TSS LIST(NDT) LINUXNODE(ALL)
Using the new LINUXNAM keyword, define the user's Linux for zSeries user name. This allows the mapping of a long name to the user's 8-byte security ID.
Clients that will use the same 8-byte user ID for Linux as they use for their mainframe security ID can skip this step, but you must configure the PAM Server to support this.
TSS ADD|REM|REP(user_acid) LINUXNAM(linux_username)
Where linux_username specifies the Linux user name. The maximum length is 1024 mixed case characters. To see a user’s current LINUXNAM, enter:
TSS LIST(user_acid) SEGMENT(LINUX)
You will need to create facilities for the Linux nodes. You can use a single facility name for multiple Linux nodes or individual facility names for each Linux node. See the Control Options Guide for information on how to name a facility. The facility name associated with the node must be added to the user to authorize that user to use that Linux node.
Ensure the POSIXMGRP control option has a value other than the system default of zero.
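The node and user definitions above, scripted for several systems at once. This is an added example, not CA code: the inventory values (lnxprod01, LNXFAC, USER01 and so on) are constructed, and the rejection of parentheses and whitespace is the example's own precaution rather than a documented CA Top Secret rule.

```python
# Added example: builds the TSS commands shown on this page from an inventory.
# All inventory values are constructed for illustration.
MAX_NODE_LEN = 246        # LINUXNODE limit stated on this page
MAX_LINUXNAM_LEN = 1024   # LINUXNAM limit stated on this page
MAX_ACID_LEN = 8          # 8-byte security ID

def _check(value, what, limit=None):
    """Reject empty, over-long, or syntax-breaking values."""
    if not value or (limit is not None and len(value) > limit):
        raise ValueError(f"{what} is empty or longer than {limit}: {value!r}")
    # Example's own precaution (assumption): a parenthesis or whitespace inside
    # a value would change how the generated command is parsed.
    if any(c in "()" or c.isspace() for c in value):
        raise ValueError(f"{what} contains a parenthesis or whitespace: {value!r}")
    return value

def node_command(name, ip_address, facility, active=True):
    """Build the TSS ADD(NDT) command for one Linux node."""
    _check(name, "node name", MAX_NODE_LEN)
    _check(ip_address, "IP address")
    _check(facility, "facility name")
    # ACTIVE defaults to NO, which skips system validation, so state it always.
    flag = "YES" if active else "NO"
    return (f"TSS ADD(NDT) LINUXNODE({name}) IPADDR({ip_address}) "
            f"FACILITY({facility}) ACTIVE({flag})")

def user_command(acid, linux_username):
    """Build the command mapping a long Linux user name to an 8-byte ACID."""
    _check(acid, "user ACID", MAX_ACID_LEN)
    _check(linux_username, "Linux user name", MAX_LINUXNAM_LEN)
    return f"TSS ADD({acid}) LINUXNAM({linux_username})"

def build_commands(nodes, users):
    """Return definitions followed by the LIST commands that verify them."""
    cmds = [node_command(*n) for n in nodes]
    cmds.append("TSS LIST(NDT) LINUXNODE(ALL)")
    for acid, linux_username in users:
        cmds.append(user_command(acid, linux_username))
        cmds.append(f"TSS LIST({acid}) SEGMENT(LINUX)")
    return cmds

if __name__ == "__main__":
    nodes = [("lnxprod01", "192.0.2.10", "LNXFAC"),
             ("lnxtest01", "192.0.2.20", "LNXFAC", False)]
    users = [("USER01", "john.smith.operations")]
    print("\n".join(build_commands(nodes, users)))
```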
Copyright © 2014 CA Technologies.
All rights reserved.