AIX introduced a new alternative authentication control attribute "authcontroldomain" from AIX 6.1 Tl07 and 71 Tl01 releases. When this attribute is set, SYSTEM and registry attributes are stored or retrieved from that database. For local users, SYSTEM and registry attribute are stored in /etc/security/user file irrespective of the authcontroldomain value.
The authcontroldomain attribute needs to be defined with a loadmodule name which is defined in the /etc/methods.cfg or /usr/lib/security/methods.cfg file. This attribute needs to be defined in the /etc/security/login.cfg file under the usw stanza.
authcontroldomain attribute can be set for a system as using the chsec command. For example:
Quick Test: LDAP and local User Login works fine without further specifying SYSTEM or registry.
Security load modules are defined in /usr/lib/security/methods.cfg file. User identification is done based on order in, which load modules are defined in methods.cfg file. Local load module information is not defined in the /usr/lib/security/methods.cfg file. However, the user information will be verified first in local module; then the order that is defined in methods.cfg file will follow.
These 2 Users Gave Thanks to -=XrAy=- For This Post:
I am implementing LDAP on Linux based system using openldap.
My management objects to the idea that all individual users will authenticate against an LDAP server because “what if it is not available”
Their suggestion is that we run in parallel a set of local configured users and a set of LDAP... (1 Reply)
Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent.
The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Hi Friends,
I have this script for ftping files from AIX server to local windows xp.
#!/bin/sh
HOST='localsystem.net'
USER='myid_onlocal'
PASSWD='mypwd_onlocal'
FILE='file.txt' ##This is a file on server(AIX)
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
put $FILE... (1 Reply)
If I create a new user id test:
mkuser id=400 test
then I want it to LDAP user:
chuser -R LDAP SYSTEM=LDAP registry=LDAP test
It shows:
3004-687 User "test" does not exist.
How to do? (4 Replies)
Hi Gurus,
I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password.
It seems that i need to use expect module here, but i don't know how to create the object for this.
... (1 Reply)
Hi,
I have been asked to create a ksh script that will search against an LDAP directory from various HP-UX, SUSE, and AIX 5.3 and 6.1 machines. The objective is to verify the boxes are successfully authenticating users from the LDAP store. This is something I've never done, and I could use... (0 Replies)
Hi,
I need to switch from local user to root user in a shell script.
I need to make it automated so that it doesn't prompt for the root password.
I heard the su command will do that work but it prompt for the password.
and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Hello,
i configured rhel linux 6 with AD directory to authorize windows users to connect on the system and it works.
i have accounts with high privileges (oracle for example) if an account is created on the AD server i would to block him.
I looked for how to do, for the moment all the... (3 Replies)
I'd like to add some x/linux-based servers to my current AIX-based TDS/SDS server community. Reading the Fine Install Guide (rtfig ?) I believe this may be covered by the section "Upgrade an instance of a previous version to a different computer" i.e. I'm going to install latest/greatest SDS on a... (4 Replies)
Discussion started by: maraixadm
4 Replies
LEARN ABOUT PLAN9
pam_rhosts_auth
pam_rhosts_auth(5) Standards, Environments, and Macros pam_rhosts_auth(5)NAME
pam_rhosts_auth - authentication management PAM module using ruserok()
SYNOPSIS
/usr/lib/security/pam_rhosts_auth.so.1
DESCRIPTION
The rhosts PAM module, /usr/lib/security/pam_rhosts_auth.so.1, authenticates a user via the rlogin authentication protocol. Only
pam_sm_authenticate() is implemented within this module. pam_sm_authenticate() uses the ruserok(3SOCKET) library function to authenticate
the rlogin or rsh user. pam_sm_setcred() is a null function.
/usr/lib/security/pam_rhosts_auth.so.1 is designed to be stacked on top of the /usr/lib/security/pam_unix.so.1 module for both the rlogin
and rsh services. This module is normally configured as sufficient so that subsequent authentication is performed only on failure of
pam_sm_authenticate(). The following option may be passed in to this service module:
debug syslog(3C) debugging information at LOG_DEBUG level.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO pam(3PAM), pam_authenticate(3PAM), ruserok(3SOCKET), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5)NOTES
The interfaces in libpam() are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
SunOS 5.10 28 Oct 1996 pam_rhosts_auth(5)