To add an Authentication Services license file
The Licensing Properties dialog opens.
Defender Settings policy provides one-time password authentication. Install Defender on Unix or Linux to use two-factor authentication to secure critical resources. In order to access a host running Defender, you must enter a one-time password in addition to the account password.
Configure the Defender Settings policy to enable PAM authentication. The Group Policy agent on Unix configures Defender based on the existing Defender access nodes in Active Directory. This allows you to configure which users to prompt for a one-time password as well as which Defender server the agents can communicate with. For more information on configuring Defender access nodes, refer to the One Identity Defender documentation.
To enable one-time password authentication for Unix
Configure Defender to require a one-time password for specific login services, or all login services.
A login service is any process that authenticates a user to a Unix host. You configure login services for PAM in the pam.conf file. By default sshd and ssh are automatically configured since this is the most typical scenario. You can specify additional services. The name of the service must correspond to the service name in PAM.conf. On some platforms the service names may differ, in that case, specify all service names for all platforms where you have installed Defender.
Privilege Manager for Unix controls which users are able to gain root access on Unix hosts. It is similar to sudo with more advanced features and functionality. You can use Group Policy to control Privilege Manager for Unix settings on hosts that are also running Authentication Services.