Chapter 7. PAM Authentication
RHN Satellite Server supports network-based authentication systems using Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the RHN Satellite Server with a centralized authentication mechanism, which eliminates the need to remember multiple passwords.
RHN Satellite Server is able to use PAM with LDAP, Kerberos, Directory Server, or another network-based authentication system. This chapter outlines setting up PAM to work with your organization's authentication infrastructure.
Procedure 7.1. Setting up PAM authentication
- Ensure you have the latest version of the selinux-policy-targeted package:
    # yum update selinux-policy-targeted
- Set the allow_httpd_mod_auth_pam SELinux boolean to on:
    # setsebool -P allow_httpd_mod_auth_pam 1
- Open the /etc/rhn/rhn.conf file in your preferred text editor, and add the following line. This will create a PAM service file at /etc/pam.d/rhn-satellite:
    pam_auth_service = rhn-satellite
- To set up authentication, open the /etc/pam.d/rhn-satellite service file in your preferred text editor, and add the appropriate rules. For more detail about configuring PAM, refer to the Pluggable Authentication Modules (PAM) in the Red Hat Enterprise Linux Deployment Guide.
Note
Check that the PAM authentication works correctly before using it with RHN Satellite Server.
Example 7.1. Using PAM with Kerberos on a Red Hat Enterprise Linux 5 i386 system
This example enables PAM with Kerberos authentication on a Red Hat Enterprise Linux 5 i386 system.
Open the /etc/pam.d/rhn-satellite service file in your preferred text editor, and add the following rules:
    #%PAM-1.0
    auth        required      pam_env.so
    auth        sufficient    pam_krb5.so no_user_check
    auth        required      pam_deny.so
    account     required      pam_krb5.so no_user_check
For Kerberos-authenticating users, change the password by using kpasswd. Do not change the password on the RHN website as this method will only change the local password on the Satellite server. Local passwords are not in use if PAM is enabled for that user.
Example 7.2. Using PAM with LDAP
This example enables PAM with LDAP authentication.
Open the /etc/pam.d/rhn-satellite service file in your preferred text editor, and add the following rules:
    #%PAM-1.0
    auth        required      pam_env.so
    auth        sufficient    pam_ldap.so no_user_check
    auth        required      pam_deny.so
    account     required      pam_ldap.so no_user_check
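The stacks in Example 7.1 and Example 7.2 reject a bad login only because the pam_deny.so rule follows the sufficient module: PAM ignores a failed sufficient module, so without that rule the result would rest on pam_env.so alone. The following added example (not part of the Red Hat documentation; the function name check_pam_auth and the sample files are constructed here) lints a service file for that property before it is used with RHN Satellite Server.

```bash
# Added example: lint a PAM service file for a fail-open "auth" stack.
# Handles the simple "type control module [args]" rules used in this chapter;
# bracketed controls and include/substack lines are not interpreted.
check_pam_auth() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
        $1 == "account"      { account = 1; next }
        $1 != "auth"         { next }
        {
            n = split($3, part, "/"); mod = part[n]  # strip any module path
            # pam_env.so and pam_permit.so return success whatever the password.
            # Assumption: every other module rejects the bad credentials.
            always_ok = (mod == "pam_env.so" || mod == "pam_permit.so")
            if ($2 == "sufficient" && always_ok && !failed) { bypass = 1; exit }
            if (($2 == "required" || $2 == "requisite") && !always_ok) failed = 1
        }
        END {
            if (bypass)   { print "FAIL: a sufficient module succeeds without checking credentials"; exit 1 }
            if (!failed)  { print "FAIL: no required module denies a rejected login"; exit 1 }
            if (!account) { print "FAIL: no account rule"; exit 1 }
            print "OK: auth stack fails closed"
        }
    ' "$1"
}

# Constructed sample input: the Kerberos stack from Example 7.1, and the same
# stack with the pam_deny.so rule left out.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good" <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
EOF
grep -v pam_deny "$sample_dir/good" > "$sample_dir/no_deny"

check_pam_auth "$sample_dir/good"    || echo "unexpected: the Example 7.1 stack was flagged"
check_pam_auth "$sample_dir/no_deny" || echo "no_deny was flagged by the lint, as intended"
```

On the Satellite server, run it as: check_pam_auth /etc/pam.d/rhn-satellite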
