PDA

View Full Version : SM3: User authentication via PAM



achinayoung_waubonsee
11-Apr-2017, 16:41
According to the Best Practices Guide, "Chapter 16. System Auditing and Security Management", "To enable a user to authenticate against PAM, on the SUSE Manager Web interface go to the Create User page and select the checkbox labeled Pluggable Authentication Modules (PAM) positioned below the password and password confirmation fields.".

Has anyone used this. The Create User page does NOT have a checkbox to enable PAM authentication.https://ibin.co/3IiWet6DPpdQ.png

dgersic
12-Apr-2017, 02:41
On Tue, 11 Apr 2017 15:44:02 +0000, achinayoung waubonsee wrote:

> According to the Best Practices Guide, "Chapter 16. System Auditing and
> Security Management", "To enable a user to authenticate against PAM, on
> the SUSE Manager Web interface go to the Create User page and select the
> checkbox labeled Pluggable Authentication Modules (PAM) positioned below
> the password and password confirmation fields.".
>
> Has anyone used this. The Create User page does *NOT* have a checkbox to
> enable PAM authentication.[image: https://ibin.co/3IiWet6DPpdQ.png]

Hm. I'm using PAM with SuMa at a customer. Works fine. It's case
sensitive in the user names, which was surprising, but other than that,
no complaints.

My Create User page has a PAM checkbox.


--
David Gersic
Knowledge Partner http://forums.microfocus.com
If you find this post helpful, please click on the star below.

pgurzick
12-Apr-2017, 07:53
According to the Best Practices Guide, "Chapter 16. System Auditing and Security Management", "To enable a user to authenticate against PAM, on the SUSE Manager Web interface go to the Create User page and select the checkbox labeled Pluggable Authentication Modules (PAM) positioned below the password and password confirmation fields.".

Has anyone used this. The Create User page does NOT have a checkbox to enable PAM authentication.https://ibin.co/3IiWet6DPpdQ.png

You have to do the folllowing:
echo "pam_auth_service = susemanager" >> /etc/rhn/rhn.conf

and then
echo "#%PAM-1.0" > /etc/pam.d/susemanager
echo "auth include common-auth" >> /etc/pam.d/susemanager
echo "account include common-account" >> /etc/pam.d/susemanager
echo "password include common-password" >> /etc/pam.d/susemanager
echo "session include common-session" >> /etc/pam.d/susemanager

restart
then the option will now be available.

achinayoung_waubonsee
13-Apr-2017, 18:30
Thanks. That worked!