Automic Workload Automation

Expand all | Collapse all

Importance of Login object when we use PAM authentication

  • 1.  Importance of Login object when we use PAM authentication

    Posted 03-23-2018 02:47 PM
    Hi All,

    When we set up authentication mode to PAM, do we still need to have login objects created for that agent? How does this PAM authentication works? In short, will it be ended up logging with the local user(AE) created while installing agent? 

    I'm bit confused over here. Please point me in a right direction.

    Thanks,
    Srujan.



  • 2.  Importance of Login object when we use PAM authentication



  • 3.  Importance of Login object when we use PAM authentication

    Posted 03-26-2018 11:49 AM
    In short, AE switches users with "su". PAM AD users need to be able to (and usually can) do "su".

    The requirement for a login object is not affected *), since AE needs to **) have a password, whether it's a local user or PAM user probably does not make a difference.

    *)    disclaimer: I think. I have not tried this, but I'm rather certain.
    **)  well, actually it doesn't, because root, which is the user the agent runs as, can "su" without passwords (and thus, you can actually disable all password requirements in the ini file, though that should be reserved for testing purposes). Hence, I assume the password requirement is not so much a technical requirement but one of the Automic security concept, which adds even more credence to my belief that login objects are required with PAM just as with local users.

    Hth,
    Carsten