AIX fails authentication when using SU or Telnet with IDM Fan-out Driver

  • 3283453
  • 17-Dec-2007
  • 26-Apr-2012

Environment

Novell Identity Manager Driver - Linux and UNIX - Fan Out

Situation

Users fail to log in to AIX hosts where the Identity Manager Fan-out driver is installed with redirected authentication. The failure occurs when logging in with SU or Telnet; logging in with SSH and FTP works fine. It happens when DCE, not PAM, is used for authentication.

Resolution

This is normally a configuration problem.

The DCE stanza in /usr/lib/security/methods.cfg should look like this:

    DCE:
            program = /usr/lib/security/DCE
            options = db=BUILTIN

Also, the registry line may be missing from the default stanza of /etc/security/user, which should contain:

    default:
            SYSTEM="DCE OR DCE[UNAVAIL] AND compat"
            registry = DCE
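As an added check (not part of the TID or of the driver's own tooling), this POSIX shell script parses the AIX stanza format shared by both files and confirms that the lines the Resolution calls for are present. File paths are parameters, so it runs here against constructed samples rather than the live /usr/lib/security/methods.cfg and /etc/security/user.

```shell
#!/bin/sh
# Added example, not part of the original TID: verify the two AIX stanza files
# the article names carry the settings it calls for. Paths are parameters so
# the check runs offline against constructed samples.

# stanza_get FILE STANZA ATTR: print ATTR's value inside STANZA ('*' and '#'
# comment lines skipped, blanks around '=' and enclosing quotes stripped).
stanza_get() {
    awk -v stz="$2" -v attr="$3" '
        /^[^ \t*#].*:[ \t]*$/ { cur = $0; sub(/:[ \t]*$/, "", cur); next }
        cur == stz && index($0, "=") {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t]*=.*$/, "", key)            # text before first "="
            if (key == attr) {
                val = substr(line, index(line, "=") + 1)     # keeps "db=BUILTIN" whole
                gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/^"|"$/, "", val)
                print val; exit
            }
        }' "$1"
}

# check_fanout_auth METHODS_CFG USER_FILE: 0 when every required line is present,
# 1 otherwise, naming each missing item on stdout.
check_fanout_auth() {
    rc=0
    [ "$(stanza_get "$1" DCE program)" = /usr/lib/security/DCE ] ||
        { echo "$1: DCE stanza lacks program = /usr/lib/security/DCE"; rc=1; }
    [ "$(stanza_get "$1" DCE options)" = db=BUILTIN ] ||
        { echo "$1: DCE stanza lacks options = db=BUILTIN"; rc=1; }
    case "$(stanza_get "$2" default SYSTEM)" in *DCE*) ;;
        *) echo "$2: default SYSTEM does not reference DCE"; rc=1 ;; esac
    [ "$(stanza_get "$2" default registry)" = DCE ] ||
        { echo "$2: default stanza lacks registry = DCE"; rc=1; }
    return $rc
}

# Constructed sample files (not captured from a real host).
tmp=$(mktemp -d)
printf 'DCE:\n\tprogram = /usr/lib/security/DCE\n\toptions = db=BUILTIN\n' > "$tmp/methods.ok"
printf 'default:\n\tSYSTEM = "DCE OR DCE[UNAVAIL] AND compat"\n\tregistry = DCE\n' > "$tmp/user.ok"
printf 'default:\n\tSYSTEM = "DCE OR DCE[UNAVAIL] AND compat"\n' > "$tmp/user.noreg"

check_fanout_auth "$tmp/methods.ok" "$tmp/user.ok" && echo "ok: required settings present"
check_fanout_auth "$tmp/methods.ok" "$tmp/user.noreg" || echo "missing registry line detected"
```

On a live host, call check_fanout_auth with the two real paths; a non-zero exit and the printed lines point at the stanza that needs the fix described above.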

Additional Information

The Fan-out driver DCE module is a "compound" module. The "options = db=BUILTIN" line in methods.cfg makes the DCE module take user information from the local UNIX host rather than from eDirectory.

The driver was designed and tested with registry=DCE. Because DCE then uses the local host to resolve everything about a user except authentication, that is often the safest way to run it.