Pluggable Authentication Modules (PAM) Based Authentication

Starting with the r11.5 maintenance level 11112 and higher releases of CA XCOM, administrators have an option to select PAM-based authentication instead of the native mechanism available for the UNIX server.
PAM Overview
The Pluggable Authentication Modules (PAM) are an industry-standard framework providing authentication, account management, session management, and password services. PAM allows programs that rely on authentication to be written independently of the underlying authentication scheme. PAM uses the local password file to authenticate the user accessing the host, you can now take advantage of other authentication mechanisms such as LDAP.
Enabling PAM Authentication in CA XCOM
To enable PAM authentication, modify the following global parameters:
  • Set authentication type to PAM.
AUTH_TYPE=PAM
  • Specify the path where the PAM shared library is present
PAM_PATH=/usr/lib
Configure PAM Service
PAM can be configured through the use of either the /etc/pam.conf file or the /etc/pam.d directory. CA XCOM uses the service name of xcomauth.
  • The /etc/pam.conf file
Update the pam.conf file with the service name xcomauth and the other authentication settings detailed in the requirements.
As an example:
xcomauth auth XXXX XXXX xcomauth account XXXX XXXX
  • The /etc/pam.d directory
The directory is an alternate configuration mechanism. In this scheme, each policy is contained in a separate file bearing the name of the service it applies to. Create an xcomauth config file with the authentication settings detailed in the requirements.
If you are using LINUX-PAM, then the pam_userpass module must precede the actual authentication module. This module is distributed with XCOM installation and is installed at $XCOM_HOME/redistrib/pam_userpass directory. For more details on PAM configuration, refer to the PAM documentation