Install the pluggable authentication module (PAM) on Solaris
Applies To: Windows Server 2003 R2
To install the pluggable authentication module (PAM) on Solaris
Copy pam_sso.sol from the IDMU\Unix\Bins folder on the Windows Server 2003 R2 CD to the /usr/lib/security directory on the UNIX computer, and change its name to pam_sso.so.1.
On the UNIX computer, open /etc/pam.conf with a text editor.
In the Password management section, locate the following line:
other password required /usr/lib/security/$ISA/pam_unix.so.1
Immediately following the line located in the previous step, add the following line:
other password required /usr/lib/security/$ISA/pam_sso.so.1
Note
To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration. Sample Solaris PAM configuration file
#ident "@(#)pam.conf 1.14 99/09/16 SMI"
# Copyright (c) 1996-1999, Sun Microsystems, Inc.
# All Rights Reserved.
# PAM configuration
# Authentication management
login auth required /usr/lib/security/$ISA/pam_unix.so.1
login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1
# Account management
login account requisite /usr/lib/security/$ISA/pam_roles.so.1
login account required /usr/lib/security/$ISA/pam_unix.so.1
dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1
dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1
other account requisite /usr/lib/security/$ISA/pam_roles.so.1
other account required /usr/lib/security/$ISA/pam_unix.so.1
# Session management
other session required /usr/lib/security/$ISA/pam_unix.so.1
# Password management
other password required /usr/lib/security/$ISA/pam_unix.so.1
other password required /usr/lib/security/$ISA/pam_sso.so.1
dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other account optional /usr/lib/security/$ISA/pam_krb5.so.1
#other session optional /usr/lib/security/$ISA/pam_krb5.so.1
#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
See Also
Concepts
Understanding Password Synchronization
Implementing Password Synchronization