The last time I looked at the CA PAM module it is a very basic PAM module that simply performs a adduser for you to the local passwd file. you can setup pam.d to use the PAM server to validate login etc... but it does not that I ever saw do any checks for resources.
William 'Doug' Carroll Mainframe Systems Eng Sr I Global Technology Infrastructure ECS Mainframe Operating System Services Explore IT, build IT, exploit IT - Creating excellence through teamwork. Office: (614) 213-4954 Pager: [EMAIL PROTECTED] Cell: (614) 209-0649 Fax: (614) 244-9897 http://www.jpmchase.com Yu Safin <[EMAIL PROTECTED] m> To Sent by: Linux on [email protected] 390 Port cc <[EMAIL PROTECTED] IST.EDU> Subject CA's PAM-Client and PAM-Server 10/05/2006 04:16 PM Please respond to Linux on 390 Port <[EMAIL PROTECTED] IST.EDU> We are doing a proof of concept using CA's pam-client, pam-server and ACF2. The pam-client (we received the binaries from CA) was installed on our Linux guest. The pam-server was install under zOS as a started task (it is a USS service). ACF2 was there already for zOS security. We added the Linux segment to ACF2. We have run into some issues that you might be able to help us with. 1) when we define a user on the ACF2 segment for Linux, we also seem to need to have the same user on the Linux side in /etc/passwd. This is contrary to my understanding. 2) we can't seem find a way to define more than one group for the user. We have to go to the Linux guest to add groups and membships of those groups. 3) we seem to be able to authenticate users during telnet/ssh sign ons but how do we perform authentication? I.e. how do I make sure that a user does not execute or read files. I would like to manage by definining roles/groups and then making a user a member of one or more groups. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ----------------------------------------- This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
