

Install the pluggable authentication module (PAM) on Linux

Applies To: Windows Server 2003 R2

To install the pluggable authentication module (PAM) on Linux

  1. Copy pam_sso.rhl from IDMU\Unix\Bins on the Windows Server 2003 R2 CD to /lib/security on the UNIX computer, and change its name to pam_sso.so.1.

  2. On the UNIX computer, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.

  3. Open /etc/pam.d/system-auth with a text editor, and locate the following line:

    password required /lib/security/pam_cracklib.so retry=3

  4. After the line in the previous step, add the following line:

    password required /lib/security/pam_sso.so.1

  5. Locate and delete the following line:

    password required /lib/security/pam_deny.so

  6. Save the modified file.
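
The following script is an added example, not part of the original procedure: it applies steps 3 and 4 to a PAM file, keeps a backup, and verifies that the pam_sso line directly follows pam_cracklib in the password stack. The function names and the .bak backup suffix are assumptions of this example, the demo input is constructed, and step 5 is left as a manual edit.

```shell
#!/bin/sh
# Added example: steps 3-4 applied to a PAM service file, then verified.
# Function names and the .bak suffix are choices made for this example.
SSO_LINE='password    required      /lib/security/pam_sso.so.1'

# 0: pam_sso directly follows pam_cracklib in the password stack
# 1: pam_sso absent   2: present but elsewhere in the stack   3: unreadable file
pam_sso_check() {
    [ -r "$1" ] || return 3
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $1 == "password" {
            if ($3 ~ /\/pam_sso\.so\.1$/) {
                seen = 1
                if (prev ~ /\/pam_cracklib\.so$/) ok = 1
            }
            prev = $3                          # previous password-stack module
        }
        END { if (ok) exit 0; exit (seen ? 2 : 1) }
    ' "$1"
}

# Insert SSO_LINE after the pam_cracklib password line; keeps FILE.bak.
# Idempotent: a file that already passes pam_sso_check is left untouched.
pam_sso_insert() {
    file=$1
    rc=0; pam_sso_check "$file" || rc=$?
    if [ "$rc" -eq 0 ]; then return 0; fi
    if [ "$rc" -ne 1 ]; then echo "pam_sso_check $file: status $rc" >&2; return "$rc"; fi
    awk '$1 == "password" && $3 ~ /\/pam_cracklib\.so$/ { f = 1 } END { exit !f }' \
        "$file" || { echo "no pam_cracklib line in $file" >&2; return 4; }
    cp -p "$file" "$file.bak" || return 5
    awk -v add="$SSO_LINE" '
        { print }
        $1 == "password" && $3 ~ /\/pam_cracklib\.so$/ && !done { print add; done = 1 }
    ' "$file.bak" > "$file"
    pam_sso_check "$file"
}

# Demo on a constructed scratch copy (password stack from the ssod sample).
demo=$(mktemp)
cat > "$demo" <<'EOF'
#%PAM-1.0
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
password    required      /lib/security/pam_deny.so
EOF
pam_sso_insert "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

Because the sample files carry a header stating that authconfig regenerates them, pam_sso_check /etc/pam.d/system-auth can be rerun after any authconfig run to confirm the entry is still in place.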

Note

These instructions apply to the typical Linux configuration. If you have configured PAM support differently, you might have to adjust these instructions to your specific configuration.

To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.d/system-auth that you added in step 4.

Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration.

Sample Linux PAM configuration file:

/etc/pam.d/passwd

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth


/etc/pam.d/ssod

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so


/etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    required      /lib/security/pam_sso.so.1
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

See Also

Concepts

Understanding Password Synchronization
Implementing Password Synchronization