Sun Java System Access Manager 7.1 Administration Reference

UNIX

This Solaris-only module allows for authentication using a user's UNIX identification and password. If any of the UNIX authentication attributes are modified, both Access Manager and the amunixd helper must be restarted. The UNIX authentication attributes are global and realm attributes. The attributes are:

Configuration Port

This attribute specifies the port on which the UNIX Helper listens at startup for the configuration information contained in the UNIX Helper Authentication Port, UNIX Helper Timeout, and UNIX Helper Threads attributes. The default is 58946.

If this attribute is changed, you must also change the unixHelper.port entry in the AMConfig.properties file, and restart Access Manager.
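The following check is an added example, not part of the original reference or of Access Manager itself. It reads the unixHelper.port entry from a properties file and compares it with the Configuration Port value you pass in. The function names, the sample file, and the handling of only "=" and ":" separators are assumptions, and it expects a POSIX awk.

```shell
#!/bin/sh
# Added example: confirm unixHelper.port in AMConfig.properties matches the
# Configuration Port set on the UNIX authentication module.

# Print the effective value of key $1 in properties file $2 ("=" or ":" form).
# java.util.Properties keeps the last definition of a key, so this does too.
prop_value() {
    awk -v key="$1" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next    # reject longer keys sharing the prefix
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$2"
}

# $1 = path to AMConfig.properties, $2 = Configuration Port value.
# Returns 0 on match, 1 on mismatch, 2 if the entry is missing or invalid.
check_unix_helper_port() {
    actual=$(prop_value unixHelper.port "$1") || return 2
    case "$actual" in
        ''|*[!0-9]*) echo "unixHelper.port missing or non-numeric" >&2; return 2 ;;
    esac
    if [ "$actual" -lt 1 ] || [ "$actual" -gt 65535 ]; then
        echo "unixHelper.port out of range: $actual" >&2; return 2
    fi
    if [ "$actual" != "$2" ]; then
        echo "MISMATCH: file has $actual, module is set to $2" >&2; return 1
    fi
    echo "OK: unixHelper.port=$actual"
}

# Constructed sample standing in for a real AMConfig.properties.
sample="${TMPDIR:-/tmp}/AMConfig.sample.$$"
printf '%s\n' '# constructed sample' '#unixHelper.port=1111' 'unixHelper.port=58946' > "$sample"
check_unix_helper_port "$sample" 58946
rm -f "$sample"
```

Run the check after changing the Configuration Port and before restarting, so that a mismatch shows up before the helper and Access Manager are brought back up.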

Authentication Port

This attribute specifies the port on which the UNIX Helper listens for authentication requests after configuration. The default port is 57946.

Timeout

This attribute specifies the number of minutes that users have to complete authentication. If users surpass the allotted time, authentication automatically fails. The default time is set to 3 minutes.

Threads

This attribute specifies the maximum number of permitted simultaneous UNIX authentication sessions. If the maximum is reached at a given moment, subsequent authentication attempts are not allowed until a session is freed up. The default is set to 5.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.


Note –

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.


PAM Service Name

Defines the PAM (Pluggable Authentication Module) configuration or stack that is shipped for your operating system and is used for UNIX authentication. For Solaris, the name is usually other; for Linux, the name is password.