Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-6773: How to build out a /etc/pam.d/db2 on Linux for DB2 OSAUTH authentication to work

23 May,16 at 11:25 PM

Applies to:
Centrify for Databases DB2 all versions.


Tried to configure the DB2 instance for authtype – OSAUTH according to info from this community link: 

There is still an issue that is blocking us from authenticating a DB2 user against Centrify. 

Build out a /etc/pam.d/db2 file with the following parameters:

# lines inserted by Centrify Direct Control { CentrifyDC 5.3.0-213 }
auth sufficient
auth requisite deny
account sufficient
account requisite deny
#session required homedir
password sufficient try_first_pass
password requisite deny
# User changes will be destroyed the next time authconfig is run.
auth required
auth sufficient nullok try_first_pass
auth requisite uid >= 500 quiet
auth required

account required nodefgroup accessfile=/etc/security/access.conf
account required
account sufficient
account sufficient uid < 500 quiet
account required

#password requisite try_first_pass retry=3 type=
password requisite try_first_pass retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 difok=3
#password sufficient md5 shadow nullok try_first_pass use_authtok
password sufficient sha512 shadow nullok try_first_pass use_authtok remember=5
password required

session optional revoke
session required
session [success=1 default=ignore] service in crond quiet use_uid
session required

Restart the DB2 service.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.