
Safeguard Authentication Services 4.1.5 - Installation Guide


Authentication Services and Solaris 10 Zones installation guidelines

To install Authentication Services in a Solaris 10 Zones configuration

  • In Solaris 10 Zones, only the global zone is permitted to perform time synchronization. Therefore, to run Authentication Services in any Solaris Zone configuration, you must synchronize the global zone's time with Active Directory. Time synchronization is a requirement of the Kerberos protocol; because Authentication Services is built on Kerberos, it has the same requirement.
  • The same version of Authentication Services should be installed in any combination of global, whole root, and sparse root zone configurations.
  • To disable time synchronization for Authentication Services on the sparse zone, run the following command:
    vastool configure vas vasd timesync-interval 0
  • The following symlinks must exist in the global zone for the sparse zones to work correctly (shown as symlink -> target):
    • /usr/lib/security/pam_vas3.so -> /opt/quest/usr/lib/security/pam_vas3.so
    • /usr/lib/security/sparcv9/pam_vas3.so -> /opt/quest/usr/lib/security/sparcv9/pam_vas3.so
    If /usr is shared, you need the following symlinks in the global zone pointing to counterpart files in /opt/quest/lib:
    • /usr/lib/nss_vas4.so.1 -> /opt/quest/lib/nss/nss_vas4.so.1
    • /usr/lib/security/pam_vas3.so -> /opt/quest/usr/lib/security/pam_vas3.so
    In such a scenario, you do not need Authentication Services joined to a domain in the global zone in order for sparse zones to work, but the symlinks must exist.

Each zone must have its own unique copy of /etc and /var because Authentication Services stores zone-specific information in those locations. Sharing /etc and /var with the global zone is not a supported configuration.
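
The following check for the global-zone symlinks listed above is an added example, not part of the vendor guide or product. The function name check_vas_links and its optional root-prefix argument are assumptions made for illustration; the link and target paths are the ones given in this guide.

```shell
#!/bin/sh
# Added example (not vendor code). Needs a POSIX shell; on Solaris 10 use
# /usr/xpg4/bin/sh or ksh, since the legacy /bin/sh lacks ${var%%pattern}.

# link|target pairs copied from the list in this guide.
VAS_LINKS='/usr/lib/security/pam_vas3.so|/opt/quest/usr/lib/security/pam_vas3.so
/usr/lib/security/sparcv9/pam_vas3.so|/opt/quest/usr/lib/security/sparcv9/pam_vas3.so
/usr/lib/nss_vas4.so.1|/opt/quest/lib/nss/nss_vas4.so.1'

# check_vas_links [ROOT]  (hypothetical helper name)
# ROOT is an assumed optional prefix for checking an alternate root or a
# test tree; leave it empty to check the running global zone.
# Prints one line per problem and returns 1 if any link is not as expected.
check_vas_links() {
    root=${1:-}
    rc=0
    for pair in $VAS_LINKS; do            # paths contain no whitespace
        link=${pair%%|*}
        target=${pair#*|}
        if [ ! -h "$root$link" ]; then
            echo "MISSING  $link (expected symlink to $target)"
            rc=1
        else
            # ls -l is parsed because readlink may not be installed on Solaris 10
            actual=$(ls -ld "$root$link" | sed 's/.* -> //')
            if [ "$actual" != "$target" ]; then
                echo "WRONG    $link -> $actual (expected $target)"
                rc=1
            elif [ ! -f "$root$target" ]; then
                echo "DANGLING $link -> $target (target file not installed)"
                rc=1
            fi
        fi
    done
    return $rc
}

# Usage in the global zone:  check_vas_links && echo "all links OK"
```

A WRONG result deserves attention beyond installation troubleshooting, because a PAM or NSS module link that resolves outside /opt/quest means logins would load a library other than the one the product installed.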
