Show Table of Contents
9.10. Implementing PAM Authentication
Red Hat Network Satellite supports network-based authentication systems such as LDAP and Kerberos, using Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords.
Note
To ensure that PAM authentication functions properly, install the
pam-devel package.
Configuring Red Hat Network Satellite to use PAM
- Create a PAM service file in the
/etc/pam.d/directory:touch /etc/pam.d/rhn-satellite
- Edit the file with the following information:
auth required pam_env.so auth sufficient pam_sss.so auth required pam_deny.so account sufficient pam_sss.so account required pam_deny.so
- Instruct the satellite to use the PAM service file by adding the following line to the
/etc/rhn/rhn.conffile:pam_auth_service = rhn-satellite
- Restart the service to pick up the changes:
rhn-satellite restart
- To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.