Configuring PAM for the Control System and the REST API
Describes how to create a custom PAM profile and use a specific PAM file for authentication.
About this task
Starting in HPE Ezmeral Data Fabric v6.0, no additional configuration is needed to use PAM files for authentication. The apiserver supports PAM and automatically loads the following PAM files, if they exist, in the following order for authentication:
/etc/pam.d/mapr-admin
/etc/pam.d/sudo
/etc/pam.d/sshd
/etc/pam.d/chkpasswd
/etc/pam.d/passwd
You can create a custom PAM profile and set the admin server property to point to a specific PAM file to use for authentication.
Procedure
-
Open the
/opt/mapr/apiserver/conf/properties.cfg
file and set the PAM file as the value for theauthentication.pam.service
property.For example, to setmapr-admin
as the file to use for authentication, your entry in the file should look similar to the following:ojai.cache.size=64 mapr.webui.https.port=8443 doc.url=https://docs.datafabric.hpe.com/home proxy.zkservices=elasticsearch,opentsdb authentication.pam.service=mapr-admin
- Save and close the file.