Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Step 5: Verifying that PAM is Interoperating with the LDAP Store

You are now ready to test whether the newly configured Solaris host can operate as a PAM client. However, before trying to log in as the example user, George Washington, you need to “cheat” just a bit.

Note that George’s default home directory is /pres/home/gwashington. This directory does not yet exist on your test host nor have you configured the auto_home system on which to mount that file system automatically. You can create the directory manually to avoid any kind of problem.

Figure A–2 Creating a Directory

Creating a Directory

You should be able to see the PAM system in action immediately (because gwashing is both understood and displayed). The following image shows that the PAM LDAP client system you configured can authenticate as gwashing. In addition, this figure demonstrates that a password change can be accomplished and that the new password will be accepted on a subsequent authentication request.

Figure A–3 Configured PAM LDAP System

Configured PAM LDAP System

If you check the LDAP store log (specifically looking for non-search operations) you should see an audit of the LDAP operations done in support of the preceding log-in and password-change test.

Figure A–4 Auditing LDAP Operations

Auditing LDAP Operations