Applies to: All versions of Centrify DirectControl on Linux/Solaris platforms

Question:
How to integrate 'Exceed on Demand' with DirectControl / PAM?

Answer:
1. Logon as root on the Linux/Solaris host which installed Exceed onDemand Server

2. For Linux, run: cp /etc/pam.d/login /etc/pam.d/exceedondemand

3. For Solaris, edit /etc/pam.conf and add the following entries into the file:

exceedondemand      auth sufficient      pam_centrifydc.so unix_cred
exceedondemand      auth requisite       pam_centrifydc.so deny
exceedondemand      auth requisite       pam_authtok_get.so.1
exceedondemand      auth required        pam_dhkeys.so.1
exceedondemand      auth required        pam_unix_cred.so.1
exceedondemand      auth required        pam_unix_auth.so.1
exceedondemand      auth required        pam_dial_auth.so.1

4. Edit the file /[EoDHomeDir]/conf/admin/cluster.cfg, where [EoDHomeDir] is the home directory of Exceed onDemand that you specified at installation. Then, change EoDCMAuth=native to EoDCMAuth=pam

5. Stop the EoD service by running: /[EoDHomeDir]/bin/eodstop

6. Start the EoD service by running: /[EoDHomeDir]/bin/eodstart

On the later version of Exceed on Demand 13.7.6.416 (32 bit), you'd need to

cp /etc/pamd.d/login to /etc/pam.d/exceed-connection-server

and at the top of the file under the "auth include system-auth" entry add the following line:

exceed-connection-server

Note:  It's critical that you update your connection Manager and clients with latest patches as below:

getversions - Exceed Connection Server 13.7
esessionmgr    Version 13.7.6.417, Revision 20262
ewebhost          Version 13.7.6.414, Revision 20240
authenticator    Version 13.7.6.416, Revision 20256
cli                        Version 13.7.5.373, Revision 17532
keymgr              Version 13.7.0.229, Revision 15473
elpr                    Version 13.7.6.395, Revision 19217