As security measures become increasingly complex, administrators must be given tools that simplify their management. For this reason, RHN Satellite Server supports network-based authentication systems via Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords.
RHN Satellite Server supports, LDAP, Kerberos, and other network-based authentication systems via PAM. To enable the Satellite to use PAM and your organization's authentication infrastructure, complete the following tasks.
Set up a PAM service file (usually /etc/pam.d/rhn-satellite) and have the Satellite use it by adding the following line to /etc/rhn/rhn.conf:
pam_auth_service = rhn-satellite |
This assumes the PAM service file is named rhn-satellite.
Enable a certain user to authenticate against PAM. Do this by clicking the Use PAM Authentication button on the User Details page.
As an example, to authenticate against Kerberos one could put the following in /etc/pam.d/rhn-satellite:
#%PAM-1.0 auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_krb5.so no_user_check auth required /lib/security/pam_deny.so account required /lib/security/pam_krb5.so no_user_check |
Please note that changing the password on the RHN website will change only the local password on the RHN Satellite Server, which may not be used at all if PAM is enabled for that user. In the above example, for instance, the Kerberos password will not be changed.