How to configure Pluggable Authentication Modules for VirusScan Enterprise for Linux manager authentication
Technical Articles ID:
KB70568
Last Modified: 9/27/2016
Environment
McAfee VirusScan Enterprise for Linux (VSEL) 1.x
Summary
By default, VSEL uses the system PAM (Pluggable Authentication Modules) configuration in the Web Manager for authentication. In some instances, the system PAM settings might use external authentication modules that are not compatible with VSEL. This article describes how to configure PAM so that VSEL can authenticate in the Web Manager. The PAM configuration file is located in /etc/pam.d/nails.
Solution
Authenticate using pam_unix.so
This authentication mechanism uses the /etc/passwd files to authenticate the users. The default PAM configuration file for nails on a Red Hat Enterprise Linux (RHEL) system looks like the following:

    #%PAM-1.0
    auth required pam_stack.so service=system-auth
    auth required pam_nologin.so

NOTE: The order of lines is important. A reboot is not required after you modify this file.
To authenticate using pam_unix.so, change the file to the following:

    #%PAM-1.0
    auth sufficient pam_unix.so nullok try_first_pass
    auth required pam_nologin.so

Authenticate using pam_nam.so
In SUSE Linux Enterprise Server Open Enterprise Server (SLES OES) systems, where NSS volumes need to be scanned, the VSEL user and group are created in eDirectory rather than the /etc/passwd files. In such cases, the PAM configuration file must be configured accordingly. If the system PAM authentication for the SLES server is not configured to authenticate using pam_nam.so, VSEL does not work properly. In this case, configure the /etc/pam.d/nails file like the following example to resolve the issue:

    #%PAM-1.0
    auth sufficient pam_nam.so use_first_pass
    auth required pam_nologin.so

Also, confirm that the following lines in /etc/nsswitch.conf have the word nam specified as shown below:

    passwd: compat nam
    group: compat nam

It is also helpful to run namconfig cache_refresh as root to clear any stale cache entries that might prevent successful authentication.
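The checks described above can be scripted. The following is an added example, not McAfee code: it lints the text of /etc/pam.d/nails and /etc/nsswitch.conf against the two layouts shown in this article and also reports the pam_unix.so nullok option, which lets accounts with a blank password authenticate. The function names and finding codes are hypothetical, the sample inputs are constructed, and bracketed PAM control values such as [success=1 default=ignore] are not handled.

```python
# Added example: lint /etc/pam.d/nails and /etc/nsswitch.conf text against
# the layouts shown in this article. Function names are hypothetical.

def parse_auth_stack(pam_text):
    """Return [(control, module_basename, args)] for auth lines, in file order."""
    stack = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()      # '#' starts a comment
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack

def nss_sources(nss_text, database):
    """Return the list of sources configured for one nsswitch.conf database."""
    for line in nss_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return rest.split()
    return []

def check_nails(pam_text, nss_text=""):
    """Return a list of finding codes; an empty list means nothing to report."""
    findings = []
    stack = parse_auth_stack(pam_text)
    modules = [module for _, module, _ in stack]
    backends = [m for m in modules if m in ("pam_unix.so", "pam_nam.so")]
    if not backends:
        findings.append("no-backend")               # e.g. still the pam_stack.so default
    if "pam_nologin.so" not in modules:
        findings.append("nologin-missing")
    elif backends and modules.index("pam_nologin.so") < modules.index(backends[0]):
        findings.append("nologin-before-backend")   # differs from the order shown
    for _, module, args in stack:
        if module == "pam_unix.so" and "nullok" in args:
            findings.append("nullok")               # blank-password accounts can log in
    if "pam_nam.so" in modules:
        for database in ("passwd", "group"):
            if "nam" not in nss_sources(nss_text, database):
                findings.append("nss-" + database + "-lacks-nam")
    return findings

# Constructed samples: the two layouts from the article, plus an nsswitch.conf
# whose group line is missing "nam".
UNIX_SAMPLE = "#%PAM-1.0\nauth sufficient pam_unix.so nullok try_first_pass\nauth required pam_nologin.so\n"
NAM_SAMPLE = "#%PAM-1.0\nauth sufficient pam_nam.so use_first_pass\nauth required pam_nologin.so\n"
NSS_SAMPLE = "passwd: compat nam\ngroup: compat\n"

if __name__ == "__main__":
    print(check_nails(UNIX_SAMPLE))
    print(check_nails(NAM_SAMPLE, NSS_SAMPLE))
```

On a live system, pass the contents of the two files instead of the samples.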