Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-4607: How to configure stock OpenSSH for PAM on AIX

Authentication Service ,  

12 April,16 at 11:22 AM

What steps are required to configure stock OpenSSH to use PAM on AIX

Before enabling ssh to use PAM authentication it is recommended that you leave an additional login window open with root access until you verify that ssh with PAM authentication is working properly. If PAM is not configured correctly you will not be able to log into the machine to correct the configuration problem until you boot the machine into maintenance mode and change /etc/security/login.cfg back to its original state.
1) Edit the /etc/pam.conf file
# vi /etc/pam.conf
Add the following sshd lines:
# Authentication
sshd auth required /usr/lib/security/pam_aix
# Account Management
sshd account required /usr/lib/security/pam_aix
# Password Management
sshd password required /usr/lib/security/pam_aix
# Session Management
sshd session required /usr/lib/security/pam_aix
2) Edit /etc/ssh/sshd_config 
# vi /etc/ssh/sshd_config
Uncomment the UsePAM line and change UsePAM = no to UsePAM = yes.
3) Edit /etc/security/login.cfg
# vi /etc/security/login.cfg
Change this line from:
auth_type = STD_AUTH
Change to
auth_type = PAM_AUTH
Stop and restart sshd.
# stopsrc -s sshd
# startsrc -s sshd
Note: The above steps are not required if customer use Centrify-enabled OpenSSH which is
compiled and configured for PAM and Kerberos.