Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1833: How to integrate 'Exceed on Demand' with DirectControl / PAM?

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: All versions of Centrify DirectControl on Linux/Solaris platforms

Question:
How to integrate 'Exceed on Demand' with DirectControl / PAM?


Answer:
1. Logon as root on the Linux/Solaris host which installed Exceed onDemand Server

2. For Linux, run: cp /etc/pam.d/login /etc/pam.d/exceedondemand

3. For Solaris, edit /etc/pam.conf and add the following entries into the file:

exceedondemand      auth sufficient      pam_centrifydc.so unix_cred
exceedondemand      auth requisite       pam_centrifydc.so deny
exceedondemand      auth requisite       pam_authtok_get.so.1
exceedondemand      auth required        pam_dhkeys.so.1
exceedondemand      auth required        pam_unix_cred.so.1
exceedondemand      auth required        pam_unix_auth.so.1
exceedondemand      auth required        pam_dial_auth.so.1

4. Edit the file /[EoDHomeDir]/conf/admin/cluster.cfg, where [EoDHomeDir] is the home directory of Exceed onDemand that you specified at installation. Then, change EoDCMAuth=native to EoDCMAuth=pam

5. Stop the EoD service by running: /[EoDHomeDir]/bin/eodstop

6. Start the EoD service by running: /[EoDHomeDir]/bin/eodstart

On the later version of Exceed on Demand 13.7.6.416 (32 bit), you'd need to

cp /etc/pamd.d/login to /etc/pam.d/exceed-connection-server

and at the top of the file under the "auth include system-auth" entry add the following line:

exceed-connection-server

Note:  It's critical that you update your connection Manager and clients with latest patches as below:

getversions - Exceed Connection Server 13.7
esessionmgr    Version 13.7.6.417, Revision 20262
ewebhost          Version 13.7.6.414, Revision 20240
authenticator    Version 13.7.6.416, Revision 20256
cli                        Version 13.7.5.373, Revision 17532
keymgr              Version 13.7.0.229, Revision 15473
elpr                    Version 13.7.6.395, Revision 19217

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.