search cancel

Agent Unix: PAM authentication documentation details

book

Article ID: 88198

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

After implementing more complex passwords restrictions in Unix/Linux servers (ie. using long passwords stored in a secure way (SHA-512) on HP-UX ), the Job Submission via a Unix Agent may fail.

The error in the Agent log is:

U2003043 Invalid PasswordCheck() call. Error code: (submission_username- user password incorrect)

 

Cause

Cause type: Configuration
Root Cause: The system and Agent Unix must be configured correctly to use PAM authentication.

Environment

OS: Unix / Linux

Component: Automation Engine

Subcomponent: Agent Unix

Version: Any version

 

Resolution

First, ask your Unix Administrator to check the PAM configuration to be set in the Unix System.
You will find more details under following link: Chapter 4.  The Linux-PAM cnfiguration file

Configuration Advice for implementing PAM Authentication to fix the problem

Linux
As root, create a file in /etc/pam.d  with the same name as the Agent binary (e.g. ucxjlx6) and add the following to the file
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth

AIX
Add the following lines to /etc/pam.conf:
# Automic Unix Agent ucxja64
ucxja64 auth required /usr/lib/security/64/pam_aix
ucxja64 account required /usr/lib/security/64/pam_aix
ucxja64 password required /usr/lib/security/64/pam_aix
 
 
Then, implement the PAM Authentication in the Automic Unix Agent.
 
Extract from the online documentation Administration Guide > Installation > New Installation > Installling the Agent for UNIX:

Configuring authentication via PAM (optional)
  • Host
  • Authentication via (Pluggable Authentication Modules) is now supported for the agents of the following UNIX platforms: Solaris, Linux and AIX.
1. PAM library installation 
The PAM library must be installed on your system (depends on the platform you use).
2. PAM library configuration 
The configuration process depends on the UNIX platform that you use. Typically, you will handle it by using the files /etc/pam.d or /etc/pam.conf
The name of the service complies with the name of the executable agent file (ucxj???).
3. Configuring the agent 
In the INI file of the UNIX agent, set the parameter authentication= ([MISC] section) to "pam". In the parameter libname= ([PAM] section), you must specify the path and the file name of the PAM library:
 
[MISC]
authentication=pam

[PAM]
libname=/usr/lib/libpam32.o
 
 
 
 
 
 

Additional Information

For HP-UX Agents, the following would be necessary:

[MISC]

authentication=pam

[PAM]

libname=libpam.so

 
Powered by Wolken Software