12 April,16 at 11:02 AM
Applies to: All versions of Centrify DirectControl on Linux/Solaris platforms
Question:
How to integrate 'Exceed on Demand' with DirectControl / PAM?
Answer:
1. Log on as root on the Linux/Solaris host where Exceed onDemand Server is installed
2. For Linux, run: cp /etc/pam.d/login /etc/pam.d/exceedondemand
3. For Solaris, edit /etc/pam.conf and add the following entries into the file:
exceedondemand auth sufficient pam_centrifydc.so unix_cred
exceedondemand auth requisite pam_centrifydc.so deny
exceedondemand auth requisite pam_authtok_get.so.1
exceedondemand auth required pam_dhkeys.so.1
exceedondemand auth required pam_unix_cred.so.1
exceedondemand auth required pam_unix_auth.so.1
exceedondemand auth required pam_dial_auth.so.1
4. Edit the file /[EoDHomeDir]/conf/admin/cluster.cfg, where [EoDHomeDir] is the home directory of Exceed onDemand that you specified at installation. Then, change EoDCMAuth=native to EoDCMAuth=pam
5. Stop the EoD service by running: /[EoDHomeDir]/bin/eodstop
6. Start the EoD service by running: /[EoDHomeDir]/bin/eodstart
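The Linux steps 2 and 4 above as a script that backs up cluster.cfg before editing it and verifies the result. This is an added example, not code from Centrify or from the Exceed onDemand product; the function names, the optional PAM directory argument and the sandbox file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: Linux steps 2 and 4 of the procedure, with backup and verification.
# Usage: eod_enable_pam EOD_HOME [PAM_DIR]   (PAM_DIR defaults to /etc/pam.d)

eod_enable_pam() {
    eod_home=$1
    pam_dir=${2:-/etc/pam.d}
    cfg="$eod_home/conf/admin/cluster.cfg"
    svc="$pam_dir/exceedondemand"

    [ -r "$pam_dir/login" ] || { echo "missing $pam_dir/login" >&2; return 1; }
    [ -w "$cfg" ] || { echo "cannot write $cfg" >&2; return 1; }

    # Step 2: create the PAM service file, keeping the mode of the source.
    # An existing file is left alone so local edits are not overwritten.
    [ -e "$svc" ] || cp -p "$pam_dir/login" "$svc" || return 1

    # Step 4: keep a backup, then switch EoDCMAuth from native to pam.
    # Writing back with cat keeps the original file's owner and mode.
    cp -p "$cfg" "$cfg.bak" || return 1
    sed 's/^EoDCMAuth=native[[:space:]]*$/EoDCMAuth=pam/' "$cfg.bak" > "$cfg.tmp" || return 1
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp" || return 1

    eod_check_pam "$eod_home" "$pam_dir"
}

# Returns 0 only when the PAM service file exists and cluster.cfg selects pam.
eod_check_pam() {
    [ -s "${2:-/etc/pam.d}/exceedondemand" ] || return 1
    grep -q '^EoDCMAuth=pam[[:space:]]*$' "$1/conf/admin/cluster.cfg"
}

# Constructed sandbox so the example runs without touching the real system.
demo=$(mktemp -d)
mkdir -p "$demo/pam.d" "$demo/eod/conf/admin"
printf 'auth include system-auth\n' > "$demo/pam.d/login"
printf 'ConstructedOtherKey=1\nEoDCMAuth=native\n' > "$demo/eod/conf/admin/cluster.cfg"
eod_enable_pam "$demo/eod" "$demo/pam.d" && echo "configured"
rm -rf "$demo"
```

On a real host, run eod_enable_pam as root with the actual Exceed onDemand home directory, then restart the service as in steps 5 and 6.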
On the later version of Exceed on Demand, 13.7.6.416 (32 bit), you need to
copy /etc/pam.d/login to /etc/pam.d/exceed-connection-server
and, at the top of the file under the "auth include system-auth" entry, add the following line:
exceed-connection-server
Note: It's critical that you update your Connection Manager and clients with the latest patches, as below:
getversions - Exceed Connection Server 13.7
esessionmgr Version 13.7.6.417, Revision 20262
ewebhost Version 13.7.6.414, Revision 20240
authenticator Version 13.7.6.416, Revision 20256
cli Version 13.7.5.373, Revision 17532
keymgr Version 13.7.0.229, Revision 15473
elpr Version 13.7.6.395, Revision 19217