
KB-6773: How to build out a /etc/pam.d/db2 on Linux for DB2 OSAUTH authentication to work

Centrify DirectAudit, Centrify DirectControl, Centrify DirectControl Plugins, Centrify DirectSecure

23 May,16 at 11:25 PM

Applies to:
Centrify for Databases DB2 all versions.

Problem:

Tried to configure the DB2 instance for authtype – OSAUTH according to info from this community link: 

http://community.centrify.com/t5/Centrify-Server-Suite/DB2-LUW-Transparent-LDAP-DB2AUTH-OSAUTHDB/td-p/22652 

There is still an issue that is blocking us from authenticating a DB2 user against Centrify. 

Solution:
Create the file /etc/pam.d/db2 with the following contents:

# lines inserted by Centrify Direct Control { CentrifyDC 5.3.0-213 }
auth sufficient pam_centrifydc.so
auth requisite pam_centrifydc.so deny
account sufficient pam_centrifydc.so
account requisite pam_centrifydc.so deny
#session required pam_centrifydc.so homedir
password sufficient pam_centrifydc.so try_first_pass
password requisite pam_centrifydc.so deny
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_access.so nodefgroup accessfile=/etc/security/access.conf
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

#password requisite pam_cracklib.so try_first_pass retry=3 type=
password requisite pam_cracklib.so try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 difok=3
#password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so


Restart the DB2 service.
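A check that can be run against the new file before the restart, added here as an example and not part of the original article or of Centrify's tooling: it parses the PAM rules and confirms that the auth, account and password stacks each begin with the pam_centrifydc.so sufficient / requisite deny pair shown above. The function names are hypothetical, and the nullok finding is an extra check that the article itself does not require.

```python
import re
import sys

# Constructed sample: a subset of the rules from the file above.
SAMPLE = """\
auth sufficient pam_centrifydc.so
auth requisite pam_centrifydc.so deny
account sufficient pam_centrifydc.so
account requisite pam_centrifydc.so deny
password sufficient pam_centrifydc.so try_first_pass
password requisite pam_centrifydc.so deny
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
"""

RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (type, control, module, args) for every active rule line."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a PAM rule: {raw!r}")
        rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
    return rules

def check_db2_stack(text):
    """List deviations from the article's layout, plus any pam_unix.so nullok."""
    findings = []
    rules = parse_pam(text)
    for typ in ("auth", "account", "password"):
        stack = [r for r in rules if r[0] == typ]
        if not stack or stack[0][1:3] != ("sufficient", "pam_centrifydc.so"):
            findings.append(f"{typ}: first rule is not 'sufficient pam_centrifydc.so'")
        elif len(stack) < 2 or stack[1][1:3] != ("requisite", "pam_centrifydc.so") or "deny" not in stack[1][3]:
            findings.append(f"{typ}: second rule is not 'requisite pam_centrifydc.so deny'")
        findings += [f"{typ}: pam_unix.so nullok lets blank-password local accounts in"
                     for r in stack if r[2] == "pam_unix.so" and "nullok" in r[3]]
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_db2_stack(text)) or "layout matches the article")
```

Pass the path of the file to check as the first argument; with no argument the script runs on the embedded sample.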
 
