Automic Workload Automation

Hi All,

When we set up authentication mode to PAM, do we still need to have login objects created for that agent? How does this PAM authentication works? In short, will it be ended up logging with the local user(AE) created while installing agent? 

I'm bit confused over here. Please point me in a right direction.

Thanks,
Srujan.

Hi Srujan,

Here are all the documentation links I could find for you pertaining to this topic:

https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/12.1/AWA%20Guides/help.htm#AE_AWA_Source/Integration/ucackz.htm?Highlight=PAM

https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/12.1/AWA%20Guides/help.htm#Installation_Manual/InstallAgents/InstallAgentUNIX.htm?Highlight=PAM

https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/12.1/AWA%20Guides/help.htm#AWA/Admin/inifiles/admin_ini_agent_unix.htm?Highlight=PAM

In short, AE switches users with "su". PAM AD users need to be able to (and usually can) do "su".

The requirement for a login object is not affected *), since AE needs to **) have a password, whether it's a local user or PAM user probably does not make a difference.

*)    disclaimer: I think. I have not tried this, but I'm rather certain.
**)  well, actually it doesn't, because root, which is the user the agent runs as, can "su" without passwords (and thus, you can actually disable all password requirements in the ini file, though that should be reserved for testing purposes). Hence, I assume the password requirement is not so much a technical requirement but one of the Automic security concept, which adds even more credence to my belief that login objects are required with PAM just as with local users.

Hth,
Carsten