Install the pluggable authentication module (PAM) on Linux
Applies To: Windows Server 2003 R2
To install the pluggable authentication module (PAM) on Linux
1. Copy pam_sso.rhl from IDMU\Unix\Bins on the Windows Server 2003 R2 CD to /lib/security on the UNIX computer, and change its name to pam_sso.so.1.
2. On the UNIX computer, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.
3. Open /etc/pam.d/system-auth with a text editor, and locate the following line:
password required /lib/security/pam_cracklib.so retry=3
4. After the line in the previous step, add the following line:
password required /lib/security/pam_sso.so.1
5. Locate and delete the following line:
password required /lib/security/pam_deny.so
6. Save the modified file.
Note
These instructions apply to the typical Linux configuration. If you have configured PAM support differently, you might have to adjust these instructions to your specific configuration.
To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.d/system-auth that you added in step 4.
Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration.
Sample Linux PAM configuration file:
/etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
/etc/pam.d/ssod
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password required /lib/security/pam_sso.so.1
password sufficient /lib/security/pam_unix.so nullok use_authtok shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
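The edits in steps 2 through 6, plus a check that the pam_sso line sits directly after pam_cracklib in the password stack, can be scripted as shown here. This is an added example, not code from the original page or from Microsoft; the function names pam_sso_apply, pam_sso_check and pam_sso_demo are hypothetical, and the demo runs on a constructed system-auth in a scratch directory.

```sh
#!/bin/sh
# Added example (not Microsoft's tooling): steps 2-6 applied to the PAM
# directory passed as $1. Function names are hypothetical.
SSO_LINE='password required /lib/security/pam_sso.so.1'

pam_sso_apply() {
    src="$1/system-auth"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    # Step 2: keep the unmodified stack as ssod; never overwrite it on re-run.
    [ -f "$1/ssod" ] || cp -p "$src" "$1/ssod" || return 1
    # Step 3: refuse to edit when the pam_cracklib anchor line is absent.
    grep -Eq '^password[[:space:]]+required[[:space:]]+/lib/security/pam_cracklib\.so' "$src" \
        || { echo "pam_cracklib line not found in $src" >&2; return 2; }
    tmp=$(mktemp) || return 1
    awk -v sso="$SSO_LINE" '
        # Step 5: drop pam_deny from the password stack only (auth keeps its own).
        $1 == "password" && $2 == "required" && $3 == "/lib/security/pam_deny.so" { next }
        # Drop any earlier pam_sso line so a re-run does not duplicate it.
        $1 == "password" && $3 == "/lib/security/pam_sso.so.1" { next }
        { print }
        # Step 4: add pam_sso directly after pam_cracklib.
        $1 == "password" && $2 == "required" && $3 == "/lib/security/pam_cracklib.so" { print sso }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Step 6: write back in place so owner and mode of system-auth are kept.
    cat "$tmp" > "$src" && rm -f "$tmp"
}

# Succeeds only if pam_sso directly follows pam_cracklib in the password stack.
# Worth re-running after authconfig, which regenerates system-auth.
pam_sso_check() {
    awk '
        $1 != "password" { next }
        prev == "/lib/security/pam_cracklib.so" && $3 == "/lib/security/pam_sso.so.1" { ok = 1 }
        { prev = $3 }
        END { exit (ok ? 0 : 1) }
    ' "$1/system-auth"
}

# Demo on a constructed system-auth in a scratch directory (nothing in /etc is touched).
pam_sso_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' 'auth required /lib/security/pam_deny.so' \
        'password required /lib/security/pam_cracklib.so retry=3 type=' \
        'password sufficient /lib/security/pam_unix.so nullok use_authtok shadow' \
        'password required /lib/security/pam_deny.so' > "$d/system-auth"
    pam_sso_apply "$d" && pam_sso_check "$d" && cat "$d/system-auth"
    rc=$?; rm -rf "$d"; return $rc
}
pam_sso_demo
```

To disable synchronization as the note describes, remove the pam_sso line again; pam_sso_check then fails, which makes it usable as a drift check in either direction.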
See Also
Concepts
Understanding Password Synchronization
Implementing Password Synchronization