Bypassing PAM authentication

Follow theses steps to bypass PAM authentication, enabling all user authentication requests from PAM clients to succeed. Be aware that this configuration is not secure; bypass PAM authentication only if it is reasonable for your environment and users.

About this task

Procedure

  1. In the pamauth.conf file, set SEC_PAM_BYPASS=Y to bypass PAM authentication.
  2. Restart EGO services and the management hosts:
    1. Log on to the primary host as the cluster administrator.
    2. Run the following commands to stop EGO services:
      • For bash:
        # . $EGO_TOP/profile.platform
        # egosh service stop all
      • For csh:
        # source $EGO_TOP/cshrc.platform
        # egosh service stop all
    3. Log on to the management hosts as the cluster administrator and restart the hosts:
      # egosh ego restart
    Once PAM authentication is bypassed, when the client is a PAM client (using sec_ego_ext_co), all PAM users can pass authentication.
    For example, where user wronguser is neither a PAM user nor an EGO user with the password pass, the following login is successful when PAM authentication is bypassed:
    # egosh user logon –u wronguser–x pass
    # soamlogon –u wronguser –u pass
    

    This user, however, cannot run IBM® Spectrum Symphony applications because the user is not assigned a role.