9.10. Implementing PAM Authentication

Red Hat Network Satellite supports network-based authentication systems such as LDAP and Kerberos, using Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords.

Note

To ensure that PAM authentication functions properly, install the pam-devel package.

Configuring Red Hat Network Satellite to use PAM

  1. Create a PAM service file in the /etc/pam.d/ directory:
    touch /etc/pam.d/rhn-satellite
  2. Edit the file with the following information:
    auth        required      pam_env.so
    auth        sufficient    pam_sss.so 
    auth        required      pam_deny.so
    account     sufficient    pam_sss.so
    account     required      pam_deny.so
    
  3. Instruct the satellite to use the PAM service file by adding the following line to the /etc/rhn/rhn.conf file:
    pam_auth_service = rhn-satellite
  4. Restart the service to pick up the changes:
    rhn-satellite restart
    
  5. To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.