Skip to main content

Support & downloads  >  

PAM configuration for Omnibus on SUSE

 Technote (FAQ)
 
Question
How do I configure the PAM module for ObjectServer authentication with local system users?
 
Answer
1) The configuration requires that you create a file called nco_objserv under /etc/pam.d

vi /etc/pam.d/nco_objserv

2) Set the system PAM configuration options by adding these lines to /etc/pam.d/nco_objserv:

#####################################
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
#####################################

3) Ensure that these files exist under /etc/pam.d/; common-session, common-password , common-account, common-auth. If they don't use the example that is attached here.

########### /etc/pam.d/common-account #####################
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired.
#
account required pam_unix2.so
###############################################################
###############################################################

######### /etc/pam.d/common-password #########################
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix2 in combination
# with pam_pwcheck.

# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# To enable Blowfish or MD5 passwords, you should edit
# /etc/default/passwd.
#
# Alternate strength checking for passwords should be configured
# in /etc/security/pam_pwcheck.conf.
#
# pam_make can be used to rebuild NIS maps after password change.
#
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp
###############################################################
###############################################################

### /etc/pam.d/common-auth ####################################
auth required pam_env.so
auth required pam_unix2.so
###############################################################
###############################################################

####### /etc/pam.d/common-session ###########################
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix2.
#
session required pam_limits.so
session required pam_unix2.so
###############################################################

4) Create a user account on the operating system and set a password.

5) Start the ObjectServer with "Sec.UsePam: TRUE" in the property file of the ObjectServer. This is a default value.

6) Set the Ipc.StackSize in the object server properties

For SUSE 9:

Ipc.StackSize: 139248

For SUSE 10:

Ipc.StackSize: 278496

7) Create a user account in the ObjectServer with the same account name that was created on the operating system and check the "Use PAM" for that account under the user settings tab.

8) Login with you new account.

NOTE: If you are running this from pad you will need to use the -stacksize option when starting nco_pad

For SUSE 9:

-stacksize 139248

For SUSE 10:

-stacksize 278496

 
common-account common-auth common-password common-session
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Systems and Asset Management
 Network Management & Performance
 IBM Tivoli Netcool/OMNIbus
 Netcool/OMNIbus
 Operating system(s):
  Linux
 Software version:
  7.1, 7.2, 7.2.1
 Software edition:
  All Editions
 Reference #:
  1318297
 IBM Group:
 Software Group
 Modified date:
 2009-05-25

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.