All versions of Centrify DirectControl on the RHEL platform.
Is it possible to configure Centrify DirectControl to work with Tectia SSH server using PAM?
Pluggable Authentication Modules (PAM) is an authentication framework used in Unix systems. In SSH Tectia, support for PAM is enabled as a submethod of keyboard-interactive authentication.
When PAM is used, SSH Tectia Server transfers the control of authentication to the PAM library, which then loads the modules specified in the PAM configuration file. Finally, the PAM library tells SSH Tectia Server whether or not the authentication was successful. SSH Tectia Server is not aware of the details of the actual authentication method employed by PAM; only the final result is of interest.
PAM authentication can be enabled by creating a PAM configuration for the service.
Please follow the steps below.
a) Please make sure Centrify is connected and Tectia OpenSSH server is running.
b) There is an xml file attached at the end of this KB article. Please download and save it in the /etc/ssh2 folder on the Centrify server running Tectia SSH server.
c) Navigate to /etc/pam.d and copy the sshd file:
$ cp /etc/pam.d/sshd /etc/pam.d/ssh-server-g3
d) Restart the Tectia SSH server and Centrify DirectControl.
e) Attempt to log in to the Tectia SSH server from a PuTTY client. It should prompt for credentials:
login as: rsriniva
This server is running on an evaluation license.
It will expire after 44 days.
Using keyboard-interactive authentication.
From Centrify: Please enter your Windows password:
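A check that can be run after step c), before the restart in step d). This is an added example, not part of the original KB article; the ownership and permission checks and the optional owner-uid argument are assumptions of this example, not documented Centrify or Tectia requirements.

```sh
# Verify the PAM service file created in step c). Source and destination
# default to the article's paths; the owner-uid argument (default 0, root)
# and the ownership/permission checks are assumptions of this example.
check_pam_service() {
    src=${1:-/etc/pam.d/sshd}
    dst=${2:-/etc/pam.d/ssh-server-g3}
    want_uid=${3:-0}

    # Must be a regular file, not a symlink that could be repointed later.
    if [ -L "$dst" ] || [ ! -f "$dst" ]; then
        echo "FAIL: $dst is missing or not a regular file" >&2
        return 1
    fi
    # Must carry the same module stack as the sshd service it was copied from.
    if ! cmp -s "$src" "$dst"; then
        echo "FAIL: $dst differs from $src" >&2
        return 2
    fi
    # Whoever can edit this file decides how Tectia logins are authenticated.
    owner=$(ls -ldn "$dst" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $dst is owned by uid $owner, expected $want_uid" >&2
        return 3
    fi
    if [ -n "$(find "$dst" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $dst is writable by group or others" >&2
        return 4
    fi
    echo "OK: $dst matches $src and is writable only by uid $want_uid"
    return 0
}

# Usage on the server, as root:  check_pam_service
```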