Technote (FAQ)
Question
How do I configure the PAM module for ObjectServer authentication with local system users?
Answer
1) The configuration requires that you create a file called nco_objserv under /etc/pam.d
vi /etc/pam.d/nco_objserv
2) Set the system PAM configuration options by adding these lines to /etc/pam.d/nco_objserv:
#####################################
auth include common-auth
account include common-account
password include common-password
#####################################
3) Ensure that these files exist under /etc/pam.d/; common-session, common-password , common-account, common-auth. If they don't use the example that is attached here.
########### /etc/pam.d/common-account #####################
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired.
#
account required pam_unix2.so
###############################################################
###############################################################
######### /etc/pam.d/common-password #########################
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix2 in combination
# with pam_pwcheck.
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# To enable Blowfish or MD5 passwords, you should edit
# /etc/default/passwd.
#
# Alternate strength checking for passwords should be configured
# in /etc/security/pam_pwcheck.conf.
#
# pam_make can be used to rebuild NIS maps after password change.
#
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp
###############################################################
###############################################################
### /etc/pam.d/common-auth ####################################
auth required pam_env.so
auth required pam_unix2.so
###############################################################
###############################################################
4) Create a user account on the operating system and set a password.
5) Start the ObjectServer with "Sec.UsePam: TRUE" in the property file of the ObjectServer. This is a default value.
6) Set the Ipc.StackSize in the object server properties
For SUSE 9:
Ipc.StackSize: 139248
For SUSE 10:
Ipc.StackSize: 278496
7) Create a user account in the ObjectServer with the same account name that was created on the operating system and check the "Use PAM" for that account under the user settings tab.
8) Login with you new account.
NOTE: If you are running this from pad you will need to use the -stacksize option when starting nco_pad
For SUSE 9:
-stacksize 139248
For SUSE 10:
-stacksize 278496
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.