Pluggable Authentication Modules (PAM)
You can configure the Reflection for Secure IT UNIX Client and Serverserver to use Pluggable Authentication Modules (PAM) in combination with keyboard interactive authentication. PAM employs runtime pluggable modules that provide authentication-related services. These modules are divided into four categories: authentication, account management, session management, and password management.
When PAM is configured, Reflection for Secure IT UNIX Client and Server transfers control of authentication to the PAM library. The PAM library loads the modules specified in the PAM configuration file, and the PAM library prompts Reflection for Secure IT UNIX Client and Server to confirm successful authentication.
The following server keywords configure PAM authentication on the server.
| Server keyword | Configuration |
|---|---|
| AuthKbdInt.Required | To use PAM for authentication and password management: AuthKbdInt.Required=pam |
| AccountManagement | To use PAM for account management: AccountManagement=pam |
| UsePamSessions | To use PAM for session management: UsePamSessions=yes |
| PamServiceName | To specify the name of the PAM service. The default is: PamServiceName=ssh |
| PamServiceNameForInternalProcesses | To specify a PAM service to be used for internal processes. For example: PamServiceNameForInternalProcesses ssh-shell |
| PamServiceNameForSubsystems | To specify a PAM service to be used for subsystems. For example: PAMServiceNameforSubsystems sftp ssh-sftp |
More information