We are doing a proof of concept using CA's pam-client, pam-server and ACF2.
The pam-client (we received the binaries from CA) was installed on our
Linux guest.
The pam-server was install under zOS as a started task (it is a USS service).
ACF2 was there already for zOS security.  We added the Linux segment to ACF2.
We have run into some issues that you might be able to help us with.
1) when we define a user on the ACF2 segment for Linux, we also seem
to need to have the same user on the Linux side in /etc/passwd.  This
is contrary to my understanding.
2) we can't seem find a way to define more than one group for the
user.  We have to go to the Linux guest to add groups and membships of
those groups.
3) we seem to be able to authenticate users during telnet/ssh sign ons
but how do we perform authentication?  I.e. how do I make sure that a
user does not execute or read files.  I would like to manage by
definining roles/groups and then making a user a member of one or more
groups.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to