Introduction

Many versions of Unix support PAM (Pluggable Authentication Modules). PAM allows user name and password checking to be performed by third party authentication mechanisms. These mechanisms may include:

• LDAP
• Radius
• Unix (standard password lookup)

Texpress 8.0 introduced support for PAM as the mechanism used to authenticate users when they login to EMu. The following operating system releases support PAM:

• Solaris (SPARC)
• Solaris (x86)
• FreeBSD
• Linux

The standard PAM configuration for all versions of Unix except for Red Hat Linux defaults to using the standard Unix password mechanism for user authentication. In the case of Red Hat user authentication will fail unless a suitable PAM configuration is installed. Thus for all versions of Unix except Red Hat it is not necessary to configure PAM if you want to use the standard Unix password authentication. If you want to use either LDAP or Radius servers you will need to install a suitable PAM configuration.

PAM configuration may be setup in one of two ways. The first way uses a single configuration file (/etc/pam.conf) and is used by Solaris and FreeBSD 4. The second method uses a directory (/etc/pam.d) where individual files configure services. Red Hat Linux and FreeBSD 5 use this method.

If you want to use another authentication mechanism you will need to alter the PAM configuration for service texpress to indicate what method is required. PAM support in Texpress requires two services to be configured. These are:

• auth - authenticate the user name and password
• account - check if user account is valid or whether password has expired

Configuration Notes (/etc/pam.conf)

As mentioned above both Solaris and FreeBSD 4 do not require any PAM configuration if the standard Unix authentication mechanism (password file) is to be used. If you want to alter the standard configuration, to say use LDAP then:

1. Log in as root.
2. Enter vi /etc/pam.conf
3. Add the following lines to the top of the configuration file:
   texpress    auth       sufficient    authentication module
   texpress    account    sufficient    authentication module 
4. Save the changes and exit the file.

For information about what modules are supported please consult your operating system documentation.

Configuration Notes (/etc/pam.d)

In order for EMu to authenticate users on Red Hat Linux it is necessary to add a PAM configuration file for service texpress. The configuration should be stored in the file /etc/pam.d/texpress. To setup PAM:

1. Log in as root.
2. Enter vi /etc/pam.d/texpress
3. Enter the following text into the file:
   
   Red Hat 6 and earlier
   #
   #  /etc/pam.d/texpress
   #
   auth     required /lib/security/pam_pwdb.so shadow nullok
   auth     required /lib/security/pam_nologin.so
   account  required /lib/security/pam_pwdb.so
   password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
   session  required /lib/security/pam_pwdb.so
   
   Red Hat 7 and later
   #
   # /etc/pam.d/texpress
   #
   auth     required /lib/security/pam_nologin.so
   auth     required /lib/security/pam_stack.so service=system-auth
   account  required /lib/security/pam_stack.so service=system-auth
   session  required /lib/security/pam_stack.so service=system-auth
   password required /lib/security/pam_stack.so service=system-auth
   
   Save the changes and exit the file.
4. FreeBSD 5 also uses this mechanism but does not require configuration by default.

If another authentication mechanism is required you will need to alter the module loaded. Please consult your operating system documentation for more details.