PAMSC + PAM: Solaris Fails with LDAP User and Login Integration
Article ID: 110921
Products: CA Privileged Access Manager - Cloakware Password Authority (PA); PAM SAFENET LUNA HSM; CA Privileged Access Manager (PAM)
Log in to PAM as 'sumanth' and open a PuTTY session with AD user 'test_ps1' (bridged via Centrify). The PuTTY session closes before the login prompt. The AD user is enabled.
Then log in to the box using direct PuTTY (no PAM): the AD user 'test_ps1' can log in, but sewhoami -a displays the PAM user of the failed session above (sumanth).
    login as: test_ps1
    Password:
    Last login: Thu Jun 28 10:30:59 2018 from 10.85.244.29
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    $ id
    uid=650119697(test_ps1) gid=650119697(test_ps1)
    $ sewhoami -a
    test_ps1
    ACEE Contents
    User's Name : sumanth
    ACEE's Handle : 46
    Group Connections Table: <Empty>
    Categories : <None>
    Profile Group : <None>
    Security Label : <None>
    User's Audit Mode : Failure LoginSuccess LoginFailure
    User's Security Level : 0
    Source Terminal : 10.85.193.130
    Process Count for ACEE : 1
    User's Mode : OS_user
    ACEE's Creation Time : Thu Jun 28 11:59:42 2018
This behavior was noted on Linux as well: whenever PAM fails to log an AD user in using Login Integration, sewhoami -a in the immediate next direct PuTTY session displays the PAM user of the failed session.
Release:
Component: SCU
The issue is with Solaris and OpenSSH.
On their Solaris machine, install OpenSSH from OpenCSW:

    # pkgadd -d http://get.opencsw.org/now
    # /opt/csw/bin/pkgutil -U
    # /opt/csw/bin/pkgutil -y -i openssh
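
A check for the symptom described above, as an added example that is not part of the original article or vendor tooling: it compares the login name from id with the User's Name field of sewhoami -a and flags a mismatch. It assumes a healthy session reports the OS login name in that field; the function names and the trimmed sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Needs a POSIX awk; on Solaris 10 that is
# nawk or /usr/xpg4/bin/awk rather than /usr/bin/awk.

# OS login name from `id` output on stdin, e.g. "uid=650119697(test_ps1) ...".
os_user() {
    sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# Owner of the ACEE: the "User's Name" field of `sewhoami -a` on stdin.
acee_user() {
    awk -F: '/^[ \t]*User.s Name[ \t]*:/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# $1 = OS user, stdin = `sewhoami -a` output.
# Returns 0 on match, 1 on mismatch (the symptom), 2 if the field is absent.
check_acee() {
    acee=$(acee_user)
    if [ -z "$acee" ]; then
        echo "UNKNOWN: no User's Name field found" >&2; return 2
    fi
    if [ "$acee" != "$1" ]; then
        echo "MISMATCH: OS user '$1' is running under the ACEE of '$acee'" >&2
        return 1
    fi
    echo "OK: ACEE belongs to '$1'"
}

# Constructed sample: a trimmed copy of the failing session shown on this page.
sample_sewhoami() {
    cat <<'EOF'
test_ps1
ACEE Contents
User's Name : sumanth
ACEE's Handle : 46
User's Mode : OS_user
EOF
}

# Live use on the endpoint:
#   sewhoami -a | check_acee "$(id | os_user)"
```

Run the live form in a fresh direct session right after a failed Login Integration attempt; exit status 1 means the session is attributed to another user's ACEE.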