PAM configuration for Omnibus on SUSE

Technote (FAQ)


Question


How do I configure the PAM module for ObjectServer authentication with local system users?

Answer

1) The configuration requires that you create a file called nco_objserv under /etc/pam.d

vi /etc/pam.d/nco_objserv

2) Set the system PAM configuration options by adding these lines to /etc/pam.d/nco_objserv:

#####################################
auth include common-auth
account include common-account
password include common-password
#####################################

3) Ensure that these files exist under /etc/pam.d/; common-session, common-password , common-account, common-auth. If they don't use the example that is attached here.

########### /etc/pam.d/common-account #####################
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired.
#
account required pam_unix2.so
###############################################################
###############################################################

######### /etc/pam.d/common-password #########################
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix2 in combination
# with pam_pwcheck.

# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# To enable Blowfish or MD5 passwords, you should edit
# /etc/default/passwd.
#
# Alternate strength checking for passwords should be configured
# in /etc/security/pam_pwcheck.conf.
#
# pam_make can be used to rebuild NIS maps after password change.
#
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp
###############################################################
###############################################################

### /etc/pam.d/common-auth ####################################
auth required pam_env.so
auth required pam_unix2.so
###############################################################
###############################################################

4) Create a user account on the operating system and set a password.

5) Start the ObjectServer with "Sec.UsePam: TRUE" in the property file of the ObjectServer. This is a default value.

6) Set the Ipc.StackSize in the object server properties

For SUSE 9:

Ipc.StackSize: 139248

For SUSE 10:

Ipc.StackSize: 278496

7) Create a user account in the ObjectServer with the same account name that was created on the operating system and check the "Use PAM" for that account under the user settings tab.

8) Login with you new account.

NOTE: If you are running this from pad you will need to use the -stacksize option when starting nco_pad

For SUSE 9:

-stacksize 139248

For SUSE 10:

-stacksize 278496

common-account common-auth common-password

Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Netcool/OMNIbus
Netcool/OMNIbus

Software version:

7.2.1, 7.3.0

Operating system(s):

Linux

Software edition:

All Editions

Reference #:

1318297

Modified date:

2014-02-05

Translate my page

Machine Translation

Content navigation