Novell Documentation: Nsure Identity Manager Drivers

PAM Configuration

If you have a basic setup with default configuration, the nis-drv-config copies the NIS password management PAM module to the PAM modules directory and updates the PAM configuration file. If the basic configuration is not found, the PAM configuration is not done. We strongly recommend that you manually update and verify the PAM configuration file to ensure that the custom configuration is not disturbed and the existing PAM configuration file satisfies the NIS PAM module requirements.

The PAM configuration involves copying the PAM module from the /usr/lib/dirxml/rules/nds2nis directory to the corresponding location on each of the following platforms:

On Linux: /lib/security/pam_dxml.so
On Solaris: /usr/lib/security/pam_dxml.so.1
On HP-UX: /lib/security/libpam_dxml.1

Ensure that you modify the PAM configuration file in one of the following ways:

On Linux AS v2.4.9-e.3 (uname -r)

The /etc/pam.d/passwd file can have the following password management modules:

password required /lib/security/pam_pwdb.so retry=3
password required /lib/security/pam_dxml.so use_first_pass use_authtok host=164.99.155.241 db=nis mapfilesdir=/var/yp/nisdomain shadowmerged=true

On Solaris 8 (5.8 Generic_108528-13)

The /etc/pam.conf file can have the following password management modules:

other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1 use_first_pass
other password required pam_dxml.so.1 use_first_pass use_authtok host=164.99.155.241 db=nis mapfilesdir=/var/yp/nisdomain shadowmerged=true

注: On Solaris you need to create a symbolic link, pam_dxml.so in /usr/lib/security, that points to /usr/lib/security/pam_dxml.so.1. The command is ln -s /usr/lib/security/pam_dxml.so.1 /usr/lib/security/pam_dxml.so

On HP-UX 11i

The /etc/pam.conf file can have the following password management modules:

passwd password required /usr/lib/security/libpam_unix.1
passwd password required /usr/lib/security/libpam_dxml.1 use_first_pass use_authtok host=164.99.155.241 db=nis mapfilesdir=/var/yp/nisdomain shadowmerged=true

Ensure that you have the following parameters with the correct values for the NIS driver's PAM module pam_dxml.so:

host=hostname: Specifies the name or IP address of the machine where NIS driver is running. This parameter will be empty if the PAM module and driver are installed on the same machine. If the IP address is of a remote machine, ensure that SSH is set up and it is possible to execute commands on a remote machine using SSH.
mapfilesdir=/var/yp/domainname: This is the path to the NIS maps.
db=files: Specifies the datastore. Values can be Files, NIS, or NIS+.
shadowmerged=false: Specifies whether the NIS database is configured to support shadow files or not. If a shadow file is present, the value of this parameter is false; otherwise, it is True.
use_first_pass: This tag is used to instruct the NIS PAM module not to prompt for a password and to get it from the previous module.