We are doing a proof of concept using CA's pam-client, pam-server and ACF2. The pam-client (we received the binaries from CA) was installed on our Linux guest. The pam-server was install under zOS as a started task (it is a USS service). ACF2 was there already for zOS security. We added the Linux segment to ACF2. We have run into some issues that you might be able to help us with. 1) when we define a user on the ACF2 segment for Linux, we also seem to need to have the same user on the Linux side in /etc/passwd. This is contrary to my understanding. 2) we can't seem find a way to define more than one group for the user. We have to go to the Linux guest to add groups and membships of those groups. 3) we seem to be able to authenticate users during telnet/ssh sign ons but how do we perform authentication? I.e. how do I make sure that a user does not execute or read files. I would like to manage by definining roles/groups and then making a user a member of one or more groups.
---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
