Identity Manager can use the following connections to communicate with this adapter:
SSH (SSH must be installed independently on the resource.)
For SSHPubKey connections, the private key must be specified on the Resource Parameters page. The key must include comment lines such as --- BEGIN PRIVATE KEY --- and --- END PRIVATE KEY ---. The public key must be placed in the /.ssh/authorized_keys file on the server.
The adapter supports logging in as a standard user, then performing a su command to switch to root (or a root-equivalent account) to perform administrative activities. Direct logins as the root user are also supported.
The adapter also supports the sudo facility (version 1.6.6 or later), which can be installed on Solaris 9 from a companion CD. sudo allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user.
In addition, if sudo is enabled for a resource, its settings will override those configured on the resource definition page for the root user.
If you are using sudo, you must set the tty_tickets parameter to true for the commands enabled for the Identity Manager administrator. Refer to the man page for the sudoers file for more information.
The administrator must be granted privileges to run the following commands with sudo:
User and Group Commands
The adapter does not support NIS commands with sudo, because the yppasswd command requires the root password.
You can use a test connection to test whether:
These commands exist in the administrator user’s path
The administrative user can write to /tmp
The administrative user has rights to run certain commands
A test connection can use different command options than a typical provision run.
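The three conditions a test connection checks can also be verified by hand on the resource while logged in as the administrative user. The script below is an added example, not part of Identity Manager: REQUIRED_CMDS, CHECK_TMP and SUDO are names invented here, the useradd default is a constructed sample, and it assumes a POSIX shell and a sudo release that supports -n and -l with a command argument.

```shell
#!/bin/sh
# Added example: preflight for the three conditions a test connection checks.
# REQUIRED_CMDS, CHECK_TMP and SUDO are hypothetical names for this sketch.
REQUIRED_CMDS=${REQUIRED_CMDS:-"useradd"}   # constructed sample; use your site's list
CHECK_TMP=${CHECK_TMP:-/tmp}
SUDO=${SUDO:-sudo}

# 1. The command resolves in the administrative user's PATH.
in_path() {
    command -v "$1" >/dev/null 2>&1
}

# 2. The user can create a file in the directory (noclobber: never overwrite).
can_write_tmp() {
    probe="$1/idm_preflight.$$"
    ( umask 077; set -C; : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# 3. sudoers permits the command. "sudo -l <command>" exits non-zero when the
#    command is not allowed; -n makes sudo fail instead of prompting.
sudo_allows() {
    $SUDO -n -l "$1" >/dev/null 2>&1
}

# Run all checks; the return status is the number of failed checks.
preflight() {
    failures=0
    if ! can_write_tmp "$CHECK_TMP"; then
        echo "FAIL cannot write to $CHECK_TMP"
        failures=$((failures + 1))
    fi
    for cmd in $REQUIRED_CMDS; do
        if ! in_path "$cmd"; then
            echo "FAIL $cmd is not in PATH"
            failures=$((failures + 1))
        elif ! sudo_allows "$cmd"; then
            echo "FAIL $cmd is not permitted by sudo without a prompt"
            failures=$((failures + 1))
        else
            echo "OK   $cmd"
        fi
    done
    return "$failures"
}

if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Invoke the script with --run and a site-specific REQUIRED_CMDS in the environment; a non-zero exit status is the number of failed checks.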
The adapter provides basic sudo initialization and reset functionality. However, if a resource action is defined and contains a command that requires sudo authorization, then you must specify the sudo command along with the UNIX command. (For example, you must specify sudo useradd instead of just useradd.) Commands requiring sudo must be registered on the native resource. Use visudo to register these commands.