Can Active Directory unix enabled users use Solaris RBAC (Role-Based Access Control) and DAC (Discretionary Access Controls) ?
Yes, refer to the following page on our Resource Central site which explains the use of Solaris RBAC with Quest Authentication Services (QAS). http://rc.vintela.com/topics/howto/rbac/
To configure , the pam_unix_cred.so.1 in the /etc/pam.conf file needs to be above the pam_vas3.so lines.
For example, to configure su
Change from
su auth sufficient /opt/quest/lib/security/$ISA/pam_vas3.so create_homedir get_nonvas_pass
su auth requisite /opt/quest/lib/security/$ISA/pam_vas3.so echo_return
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_cred.so.1 use_first_pass
su auth required pam_unix_auth.so.1 use_first_pass
to:
su auth required pam_unix_cred.so.1 use_first_pass
su auth sufficient /opt/quest/lib/security/$ISA/pam_vas3.so create_homedir get_nonvas_pass
su auth requisite /opt/quest/lib/security/$ISA/pam_vas3.so echo_return
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1 use_first_pass
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center