Authenticating users via ldap through PAM (Pluggable Authentication Modules).
PAM is specified in agentparm.txt where the following entries have to be coded and the agent recycled:
- oscomponent.auth.pam.svc :
specifies the service, the default being login. This entry should exist in /etc/pam.conf or /etc/pam.d/ file.
- oscomponent.auth.pam.lib :
specifies the full path to the PAM library file.
After the changes agentparm.txt are done and the agent recycled one can manually test the authentication:
1. First get the encrypted password for your user using the password utility in the agent directory :
2. Then use the following to check if the user can be authenticated (assuming that oscomponent.auth.pam.svc=login; change the service name accordingly if not):
chkusr user_name <encrypted_password> login
NOTE: When running a 32 bit agent the sssd 32bit client library package needs to be installed (even though 64 bits sssd libraries are already installed).