Share via

Install the pluggable authentication module (PAM) on Solaris

  • Article

Applies To: Windows Server 2003 R2

To install the pluggable authentication module (PAM) on Solaris

  1. Copy pam_sso.sol from the IDMU\Unix\Bins folder on the Windows Server 2003 R2 CD to the /usr/lib/security directory on the UNIX computer, and change its name to pam_sso.so.1.

  2. On the UNIX computer, open /etc/pam.conf with a text editor.

  3. In the Password management section, locate the following line:

    other password required /usr/lib/security/$ISA/pam_unix.so.1

  4. Immediately following the line located in the previous step, add the following line:

    other password required /usr/lib/security/$ISA/pam_sso.so.1

Note

To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration. Sample Solaris PAM configuration file

#ident  "@(#)pam.conf   1.14    99/09/16 SMI"
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
# PAM configuration
# Authentication management
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1
# Account management
login   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
login   account required        /usr/lib/security/$ISA/pam_unix.so.1
dtlogin account requisite       /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required        /usr/lib/security/$ISA/pam_unix.so.1
other   account requisite       /usr/lib/security/$ISA/pam_roles.so.1
other   account required        /usr/lib/security/$ISA/pam_unix.so.1
# Session management
other   session required        /usr/lib/security/$ISA/pam_unix.so.1
# Password management

other   password required       /usr/lib/security/$ISA/pam_unix.so.1
other  password required        /usr/lib/security/$ISA/pam_sso.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1

# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other  auth optional   /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin        account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other  password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

See Also

Concepts

Understanding Password Synchronization
Implementing Password Synchronization