Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Running the Unix Authentication Helper (amunixd Daemon)

The Unix authentication module is supported on Solaris SPARC, Solaris x86, or Linux systems. The Unix authentication module requires the amunixd helper daemon for Unix authentication.

After you unzip the file, the helper files for the Unix authentication module are in the zip-root/opensso/tools/helpers directory.

Procedure: To Run the Unix Authentication Helper (amunixd Daemon)

  1. To change any of the Unix authentication module configuration values, use the OpenSSO Enterprise administration Console:

    1. Log in to the Console as amadmin.

    2. Click Configuration, Authentication, and then Unix.

    3. Set the Unix authentication attributes, as required for your deployment:

      • Configuration Port: Port that the amunixd daemon listens on at startup for configuration information. Default: 58946

      • Authentication Port: Port that the amunixd daemon listens on for authentication requests. Default: 57946

      • Timeout: Minutes to complete the authentication. Default: 3

      • Threads: Number of simultaneous authentication sessions. Default: 5

      • Authentication Level: How much to trust an authentication mechanism. Default: 0

      • PAM Service Name: Configuration or stack that is shipped for the operating system. Default: other

        Solaris systems: PAM Service Name=other

        Linux systems: PAM Service Name=password

        Linux Note: On some Linux systems, you might need to set PAM Service Name to a different value. For example, on some Linux systems, the PAM Service Name is passwd. If password or passwd is not correct, you will need to determine the PAM Service Name for your Linux system.

    4. Click Save and log out of the Console.

  2. Log in as superuser (root).

  3. Start the amunixd daemon by running the amunixd script in the zip-root/opensso/tools/helpers/bin directory.

    For example:

    # cd zip-root/opensso/tools/helpers/bin
    # ./amunixd


    • Run the amunixd daemon as root. If the daemon is started by a non-root user, Unix authentication will succeed only for NIS users. Local users in /etc/passwd or /etc/shadow on Solaris systems will not be able to authenticate.

    • The Unix authentication service Configuration Port in the Administration Console and the port the amunixd process is started with (default 58946) must match. If you change the Configuration Port from the default value (58946) in the OpenSSO Enterprise Administration Console, use the -c portnumber option to start the amunixd process. The -c and -p arguments specify the new port and IP address, respectively. For example:

      # ./amunixd -c portnumber

    • If you want the amunixd process to accept connections from systems other than the localhost (that is, the OpenSSO Enterprise host), use the following options:

      -i N -a ipaddr1 ... -a ipaddrN

      where N is the number of IP addresses you want to specify, and ipaddr1 ... ipaddrN are the IP addresses, in 3-dot format, of the systems that amunixd is to accept connections from.
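
The following shell functions are an added example, not part of the Sun guide or the amunixd script: they validate a Configuration Port and an allow-list of client addresses and emit the matching -c / -i N / -a options, so that N always equals the number of -a entries and no malformed address reaches a daemon running as root. The function names are hypothetical, the sample addresses are constructed, and combining -c with -i/-a on one command line is an assumption.

```shell
#!/bin/sh
# Added example: build amunixd options from a port and an allow-list.
# Uses only the -c, -i and -a options described in the procedure above.

# valid_port PORT: succeed if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeed if ADDR is a dotted quad, octets 0..255,
# with no leading zeros (which some parsers read as octal)
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# amunixd_args CONFIG_PORT [ADDR ...]: print the option string, or fail
# without printing anything if the port or any address is malformed
amunixd_args() {
    port=$1; shift
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    args=""
    # -c is only needed when the port differs from the default 58946
    [ "$port" = 58946 ] || args="-c $port"
    if [ "$#" -gt 0 ]; then
        args="${args:+$args }-i $#"   # N must equal the number of -a options
        for addr in "$@"; do
            valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
            args="$args -a $addr"
        done
    fi
    printf '%s\n' "$args"
}

# Constructed sample values (192.0.2.0/24 is a documentation range)
amunixd_args 58950 192.0.2.10 192.0.2.11
```

The printed option string can be reviewed before it is appended to ./amunixd; an empty result means the defaults apply and only localhost is accepted.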