IBM Support

Linux PAM not configured to be compatible with TWS's WebSphere

Question & Answer


Question

When configuring PAM on Linux to allow the Custom registry to use either LocalOS or whatever PAM is configured to use, what file is being accessed and what settings are needed?

Answer

When Tivoli Workload Scheduler's (TWS) WebSphere uses the Custom user registry and PAM is configured for use on Linux, the file that WebSphere accesses is /etc/pam.d/checkpassword first and if that file does not exist it will access /etc/pam.d/other The following is a sample /etc/pam.d/other file that resulted in successful PAM authentication through TWS's WebSphere:

[maestro@host pam.d]$ more other
#%PAM-1.0
#auth required pam_deny.so
#account required pam_deny.so
#password required pam_deny.so
#session required pam_deny.so
auth include system-auth
account include system-auth
password include system-auth
session include system-auth


The authentication product utilized by PAM in the above example was Centrify.

[{"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"WebSphere Application Server","Platform":[{"code":"PF016","label":"Linux"}],"Version":"8.4;8.5;8.5.1;8.6;9.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

Maestro;TWS;TWA

Document Information

Modified date:
17 June 2018

UID

swg21421895