Implementing Pam Authentication; Enabling Push To Clients - Red Hat NETWORK SATELLITE 5.2 Installation Manual


This particular job will run randomly between 1:00 a.m. and 3:30 a.m. system time each night and
redirect stdout and stderr from cron to prevent duplicating the more easily read message from
satellite-sync. Options other than --email can also be included. Refer to Table 6.2, "Satellite
Import/Sync Options" for the full list of options. Once you exit from the editor, the modified
crontab is installed immediately.

8.9. Implementing PAM Authentication

As security measures become increasingly complex, administrators must be given tools that simplify
their management. For this reason, RHN Satellite Server supports network-based authentication
systems via Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system
administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the
need for remembering multiple passwords.
RHN Satellite Server supports LDAP, Kerberos, and other network-based authentication systems via
PAM. To enable the Satellite to use PAM and your organization's authentication infrastructure, follow
the steps below.
Note
To ensure that PAM authentication functions properly, install the pam-devel package.
Set up a PAM service file (usually /etc/pam.d/rhn-satellite) and have the Satellite use it by
adding the following line to /etc/rhn/rhn.conf:
pam_auth_service = rhn-satellite
This assumes the PAM service file is named rhn-satellite.
To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication
Modules (PAM). It is positioned below the password and password confirmation fields on the Create
User page.
As an example, for a Red Hat Enterprise Linux 5 i386 system, to authenticate against Kerberos one
could put the following in /etc/pam.d/rhn-satellite:
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
Please note that changing the password on the RHN website changes only the local password on
the RHN Satellite Server, which may not be used at all if PAM is enabled for that user. In the above
example, for instance, the Kerberos password will not be changed.
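
The following check is an added example, not part of the Red Hat manual or of Satellite itself. It reads pam_auth_service from rhn.conf text and audits the named PAM stack: PAM ignores a failed "sufficient" module, so in the stack above the closing pam_deny.so is what turns a Kerberos failure into a denial. The function names, the heuristics, and the sample inputs are assumptions of this example.

```python
import re

RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")  # type, control, module, args

def pam_service_name(rhn_conf_text):
    """Return the pam_auth_service value from rhn.conf text, or None if unset."""
    for line in rhn_conf_text.splitlines():
        m = re.match(r"\s*pam_auth_service\s*=\s*(\S+)", line)
        if m:
            return m.group(1)
    return None

def parse_pam_stack(text):
    """Parse a PAM service file into (type, control, module, args) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and the #%PAM-1.0 header
        if not line:
            continue
        m = RULE.fullmatch(line)
        if not m:
            raise ValueError("unparsable PAM rule: %r" % raw)
        rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
    return rules

def audit(rules):
    """Heuristic checks (assumptions of this example, not Satellite behaviour)."""
    findings = []
    auth = [r for r in rules if r[0] == "auth"]
    sufficient = [i for i, r in enumerate(auth) if r[1] == "sufficient"]
    if not auth:
        findings.append("no auth rules")
    elif sufficient and not any(
            r[1] in ("required", "requisite") for r in auth[sufficient[-1] + 1:]):
        findings.append("auth: no required/requisite rule (e.g. pam_deny.so) "
                        "after the last 'sufficient' rule")
    if not any(r[0] == "account" for r in rules):
        findings.append("no account rules")
    return findings

# Constructed sample inputs; PAGE_STACK repeats the Kerberos example from this section.
SAMPLE_RHN_CONF = "# constructed sample\npam_auth_service = rhn-satellite\n"
PAGE_STACK = """#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
"""
WEAK_STACK = "auth required pam_env.so\nauth sufficient pam_krb5.so no_user_check\n"
```

Calling audit(parse_pam_stack(PAGE_STACK)) returns no findings, while WEAK_STACK (the same stack with the pam_deny.so and account lines dropped) returns two.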

8.10. Enabling Push to Clients

In addition to allowing client systems to regularly poll the Satellite for scheduled actions, you may
enable the Satellite to immediately initiate those tasks on Provisioning-entitled systems. This bypasses
