Environment
Novell Identity Manager Driver - Linux and UNIX - Fan
Out
Situation
Users are failing to login to AIX boxes where the Identity Manager Fan-out driver is installed with the redirected authentication. This failure happens when using SU or Telnet. Logging in with SSH and FTP work fine. This happens when using DCE and not PAM for authenticating.
Resolution
This is normally a configuration problem.
The DCE stanza in /usr/lib/security/methods.cfg should look
like this:
DCE:
program = /usr/lib/security/DCE
options = db=BUILTIN
Also, the registry line may be missing from the
/etc/security/user default stanza:
SYSTEM="DCE OR DCE[UNAVAIL] AND compat"
registry = DCE
Additional Information
The Fan-out driver DCE module is a "compound" module.
The line in methods.cfg about " options = db=BUILTIN " causes the
DCE module to get user information from the local UNIX host, not
eDir.
The driver was designed and tested
with registry=DCE, and since DCE uses the local host to
resolve everything about a user other than authentication, that is
often the safest way to run it.