Pluggable Authentication Modules (PAM)

You can configure the Reflection for Secure IT server to use Pluggable Authentication Modules (PAM) in combination with keyboard interactive authentication. PAM employs runtime pluggable modules that provide authentication-related services. These modules are divided into four categories: authentication, account management, session management, and password management.

When PAM is configured, Reflection for Secure IT transfers control of authentication to the PAM library. The PAM library loads the modules specified in the PAM configuration file, and the PAM library prompts Reflection for Secure IT to confirm successful authentication.

The following server keywords configure PAM authentication on the server.

| Server keyword | Configuration information |
| --- | --- |
| AuthKbdInt.Required | To use PAM for authentication and password management: AuthKbdInt.Required=pam |
| AccountManagement | To use PAM for account management: AccountManagement=pam |
| UsePamSessions | To use PAM for session management: UsePamSessions=yes |
| PamServiceName | To specify the name of the PAM service. The default is: PamServiceName=ssh |
| PamServiceNameForInternalProcesses | To specify a PAM service to be used for internal processes. For example: PamServiceNameForInternalProcesses ssh-shell |
| PamServiceNameForSubsystems | To specify a PAM service to be used for subsystems. For example: PAMServiceNameforSubsystems sftp ssh-sftp |
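
The following check is an added example, not part of the product documentation. It reads the keywords above from a server configuration, works out which PAM module types the server will request from the service named by PamServiceName, and reports any type that has no rule in that service's PAM file. It assumes Linux-PAM service file syntax, `#` comments and case-insensitive keywords; the function names and sample inputs are constructed for illustration.

```python
import re

# PAM module types each server keyword hands to PAM (from the keyword table).
KEYWORD_TYPES = {
    "authkbdint.required": ("pam", {"auth", "password"}),
    "accountmanagement": ("pam", {"account"}),
    "usepamsessions": ("yes", {"session"}),
}

# Constructed sample inputs: a server config and a service file with no session rule.
SAMPLE_SERVER_CONFIG = """\
AuthKbdInt.Required=pam
AccountManagement=pam
UsePamSessions=yes
PamServiceName=ssh
"""
SAMPLE_PAM_SERVICE = """\
auth     required pam_unix.so
account  required pam_unix.so
password required pam_unix.so
"""

def parse_server_config(text):
    """Return {lowercased keyword: value}; accepts 'Key=value' and 'Key value'."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        m = re.match(r"([\w.]+)\s*[=\s]\s*(.+)", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def required_types(settings):
    """Return (service name, module types the server will ask PAM for)."""
    needed = set()
    for key, (value, types) in KEYWORD_TYPES.items():
        if settings.get(key, "").lower() == value:
            needed |= types
    return settings.get("pamservicename", "ssh"), needed  # "ssh" is the documented default

def provided_types(pam_text):
    """Module types with at least one rule; '@include' lines are not followed."""
    rules = (line.split("#", 1)[0].split() for line in pam_text.splitlines())
    return {f[0].lstrip("-").lower() for f in rules if len(f) >= 3 and f[0][0] != "@"}

def audit(server_config, pam_service_file):
    """Return (service name, needed module types that have no rule in the file)."""
    service, needed = required_types(parse_server_config(server_config))
    return service, sorted(needed - provided_types(pam_service_file))
```

A type reported as missing has no rule of its own in that service file, so what PAM does for it depends on the platform's default policy rather than on the file you reviewed.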