Password Synchronizer for UNIX and Linux
The Password Synchronizer for UNIX and Linux intercepts password change events that originate from the tools, which are based on the UNIX and PAM enabled applications.
Overview
The Pluggable Authentication Modules (PAM) architecture on the UNIX systems, provides an extendable design to enable customized behavior, which is based on user authentication. The PAM Password Synchronizer plug-in uses the UNIX PAM architecture to enable password change notifications to propagate to the Security Directory Integrator plug-in Password Store.
The primary purpose of the PAM Password Synchronizer plug-in is to intercept password change events that originate from the tools that are based on the UNIX and PAM enabled applications, such as the passwd command.
Supported platforms
The PAM Password Synchronizer is available on the following platforms:
- Solaris 10 SPARC (32-bit and 64-bit)
- Solaris 11 SPARC (32-bit and 64-bit)
- AIX® 6.1 (PPC-64)
- AIX 7.1 (PPC-64)
- RHEL ES/AS 5.0 (x86/x86 - 64)
- RHEL ES/AS 6.0 (x86/x86 – 64)
- SLES 10 (x86/x86 - 64)
- SLES 11 (x86/x86 - 64)
- RedFlag Data Center 5.0 SP1/Asianix 2.0 SP1
Notes:
- On 64-bit x86 Linux, problems with the bundled JRE are experienced if the plug-in installation is attempted before the prelink utility is run by the cron utility for the first time. The plug-in installation fails with a message that states no JVM was found. Run the /etc/cron.daily/prelink script to resolve the issue and to allow the plug-in installation to proceed.
- RHEL 5.0 has SELinux enabled by default. The SELinux keeps the host secure from malicious attacks. However, the default settings prevent some of the plug-in libraries from loading. To fix this problem, run the following command:
find TDI_install_dir/jvm/jre/bin TDI_install_dir/pwd_plugins/PAM -name '*.so' -exec chcon -t textrel_shlib_t {} \;
- Deployment and configuration
Use the template configuration file at TDI_install_dir/pwd_plugins/pam/pwsync.props to configure the PAM Password Synchronizer.