How to enable AIX to authenticate users using SSH via PAM instead of LAM (4256359)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

How to enable AIX to authenticate users using SSH via PAM instead of LAM
Description

How to enable AIX to authenticate users via PAM (Pluggable Authentication Module) instead of the default LAM (Lightweight Authentication Module)
Resolution

To enable AIX to use PAM authentication you need to do the following:

Run the following to configure pam.conf for sshd.

#/opt/quest/bin/vastool configure pam ssh

and

#/opt/quest/bin/vastool configure pam sshd

Set the sshd configuration file to use PAM "/etc/ssh/sshd_config"

UsePAM yes

Set "/etc/security/login.cfg" to use PAM by changing STD_AUTH to PAM_AUTH

Restart sshd

stopsrc -s sshd
startsrc -s sshd
The steps to revert from PAM back to LAM if required:

1) Set "/etc/security/login.cfg" to use LAM by changing PAM_AUTH to STD_AUTH

2) Set the sshd configuration file to use not use PAM "/etc/ssh/sshd_config"

UsePAM no

3) Run the following to remove the pam configuration changes:

/opt/quest/bin/vastool unconfigure pam ssh
/opt/quest/bin/vastool unconfigure pam sshd

4) Restart sshd

stopsrc -s sshd
startsrc -s sshd

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title