PAM Authentication

To enable PAM authentication

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, select PAM authentication section.

4.Set the Use PAM authentication flag.

5.Click Save.

6.Restart the Server to apply changes.

PAM authentication under UNIX system-based OS is performed by using pluggable authentication modules.

To configure PAM authentication parameters, you can use one of the following ways:

Configure authentication methods via the Control Center: in the Administration → Authentication → PAM authentication section.

The auth-pam.xml configuration file located in the etc folder of the Server. Configuration file example is:

...

<!-- Enable this authorization module -->

<enabled value="no" />

<!-- This authorization module number in the stack -->

<order value="50" />

<!-- PAM service name>" -->

<service name="drwcs" />

<!-- PAM data to be queried: PAM stack must return INT zero/non-zero -->

<admin-flag mandatory="no" name="DrWeb_ESuite_Admin" />

...

Description of PAM authentication parameters which are configured at Dr.Web Enterprise Security Suite side

Control Center items

auth-pam.xml file items

Description

Tag

Attribute

Available values

Use PAM authentication flag

<enabled>

value

yes | no

Flag that defines whether the PAM authentication method is used.

Use Drag and Drop

<order>

value

positive integer, coordinated with other methods values

Serial number of PAM authentication if several authentication methods are used.

Service name field

<service>

name

-

Service name which is used to create PAM context. PAM can read politics for this service from the /etc/pam.d/<service name> or from the /etc/pam.conf, if the file does not exist.

If the parameter is not set (no <service> tag in the configuration file), the drwcs name is used by default.

Control flag is mandatory flag

<admin-flag>

mandatory

yes | no

Parameter defines whether the control flag identifying a user as an administrator is mandatory.

By default is yes.

Control flag name field

<admin-flag>

name

-

Key string according to which PAM modules read the flag.

By default is DrWeb_ESuite_Admin.

When configuring operating of PAM authentication modules, use parameters which are set at Dr.Web Enterprise Security Suite side, and consider default values which are used if parameters are not specified.