Authentication via PAM

As of openFT version V12.1B, the release is only for Linux x86_64. Since openFT version V12.1C20, Solaris (Sparc) is also included in the release again. Further platforms are available on request from your Fujitsu sales representative.

PAM (Pluggable Authentication Modules) consists of a collection of program libraries which allow system administrators to choose the way applications authenticate users. openFT supports the PAM interface for user authentication in the operating systems Linux, Solaris, HP-UX and AIX.

Following installation, the PAM function is enabled on Linux, Solaris and HP-UX systems but is disabled on AIX systems. Under AIX, you must therefore enable the PAM function explicitly, see section “Authentication via PAM”.

In many cases, it is necessary to check the configuration files and adapt the entries, see section “Authentication via PAM”.

Enabling/disabling the PAM function

At runtime, you can enable or disable the PAM function on all platforms using the environment variable OPENFTPAM. To do this, you must stop the asynchronous openFT server (e.g. with the ftstop command), set the variable and then restart the asynchronous openFT server (e.g. with the ftstart command):

OPENFTPAM=ON

export OPENFTPAM

PAM function is enabled.

OPENFTPAM=OFF

export OPENFTPAM

PAM function is disabled.

Checking and modifying the PAM configuration files

The PAM mechanism is controlled by means of application-specific and platform-specific configuration files.

  • Linux

    On Linux, the PAM mechanism is controlled by means of files in the directory /etc/pam.d or by means of an entry in the file /etc/pam.conf if /etc/pam.d does not exist.

    When logging on to PAM, openFT uses the service name openft. In the case of an openFT update installation/new installation, a configuration file with the name openft is therefore created in the directory /etc/pam.d if no such file already exists. The authentication mechanism that is to be used is defined in this file. If the system administrator has defined a specific authentication mechanism via the file /etc/pam.d/common-auth then this is used by openFT. If not, the PAM module pam_unix.so for user authentication under Linux is used.

    If the directory /etc/pam.d does not exist then the system administrator must make a suitable entry in the file /etc/pam.conf for the service name openft.

  • Solaris, HP-UX and AIX

    The PAM mechanism functions on these platforms for openFT if the file /etc/pam.conf contains an entry for OTHER with service module type auth which permits the applications installed on the relevant operating system to use the PAM functionality. If this is not the case then you must make the following entry in the file /etc/pam.conf:

    • Solaris

      Depending on your Solaris version, you may need to make the following entries:

      openft auth required pam_unix.so.1
      openft auth requisite pam_authtok_get.so.1
      openft auth required pam_unix_auth.so.1
      
    • HP-UX

      openft auth required libpam_unix.1

      and if necessary also

      openft auth required libpam_unix.so.1

    • AIX

      On AIX systems, it is possible that the entry for OTHER is configured as follows by default and therefore prohibits the service:

      OTHER auth required pam_prohibit

      In this case, it is necessary to make the entry for openFT separately:

      openft auth required pam_aix
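
A quick audit of the lookup rules described above, as an added example (not part of the openFT documentation or product): the hypothetical shell function openft_pam_check reports which PAM configuration applies to the service name openft. It assumes the four-column pam.conf layout used in the entries above and matches service names case-insensitively; the sample pam.conf it builds is constructed.

```shell
#!/bin/sh
# Added example: reports which PAM configuration covers the service "openft".
# Arguments (both optional): pam.d directory, pam.conf file.
openft_pam_check() {
    pam_d=${1:-/etc/pam.d}
    pam_conf=${2:-/etc/pam.conf}

    # Linux: if the pam.d directory exists, the per-service file decides
    # and pam.conf is not consulted.
    if [ -d "$pam_d" ]; then
        if [ -f "$pam_d/openft" ]; then
            echo "ok: service file $pam_d/openft"
        else
            echo "missing: no openft file in $pam_d"
        fi
        return 0
    fi
    if [ ! -f "$pam_conf" ]; then
        echo "missing: neither $pam_d nor $pam_conf exists"
        return 0
    fi
    # pam.conf columns: service, module type, control flag, module.
    awk '
        $1 ~ /^#/ || NF < 4     { next }
        tolower($2) != "auth"   { next }
        tolower($1) == "openft" { own = own " " $4 }
        tolower($1) == "other"  { other = other " " $4 }
        END {
            if (own != "")                   print "ok: openft auth ->" own
            else if (other ~ /pam_prohibit/) print "blocked: OTHER auth uses pam_prohibit"
            else if (other != "")            print "ok: OTHER auth ->" other
            else                             print "missing: no openft or OTHER auth entry"
        }' "$pam_conf"
}

# Constructed sample: the AIX default from the text, then with the
# separate openft entry appended.
tmp=$(mktemp -d)
printf 'OTHER auth required pam_prohibit\n' > "$tmp/pam.conf"
openft_pam_check "$tmp/no-pam.d" "$tmp/pam.conf"
printf 'openft auth required pam_aix\n' >> "$tmp/pam.conf"
openft_pam_check "$tmp/no-pam.d" "$tmp/pam.conf"
rm -rf "$tmp"
```

Called without arguments, the function inspects /etc/pam.d and /etc/pam.conf on the local system.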