Tivoli being PAM enabled typically works fine with Unix-enabled users.
On machines running Solaris and Tivoli is extremely busy it has been observed that authentications work initially after restarting Oserv and after some time fail.
This occurs because the process has >= 256 file descriptors used and calls into the QAS code and due to some operating system limitations could fail.
The following article has more details.
Resolution # 1
One of the suggested workarounds from the Sun Developers article was included in Versions of QAS newer than 3.5.2-83 or 4.0.1-69.
Resolution # 2
Tivoli can also be altered to change the oserv start process. It is recommended to check with Tivoli support prior to implementing this change.
LD_PRELOAD_32=/usr/lib/extendedFILE.so.1
export LD_PRELOAD_32
ulimit -Sn 1024
It is notable that this is not an issue exclusive to Tivoli. This could affect other applications in similar ways and with similar resolutions.
23779
* Solaris: If a process has >= 256 file descriptors used and calls into the VAS
code, it could fail due to OS limitations explained at:
http://developers.sun.com/solaris/articles/stdio_256.html
The code has implimented one of the suggested workarounds. The change is only
effective on Solaris 10 with kernel 12510{0,1}-04 or later.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center