Configure the Linux-PAM using NSCD

Configure the Oracle Identity Cloud Service Linux Pluggable Authentication Module (PAM) on Linux using the NSCD service.

Note:

The following prerequisites must be met before proceeding with the configuration.
  • The NSCD service must be installed. If it is not installed, install it with sudo yum install nscd.
  • The service must be configured to start when the system reboots. You can enable this with sudo chkconfig nscd on.
  • The SELINUX property in /etc/selinux/config must be set to permissive or disabled. If it is not, set SELINUX=permissive or SELINUX=disabled.
  • Restart Linux to incorporate the above changes.
  1. Edit the /etc/nsswitch.conf and add oracle_cloud as follows:

    /etc/nsswitch.conf

    passwd:     files oracle_cloud
    group:      files oracle_cloud
  2. Edit the /etc/nscd.conf and enable caching in the nscd service:

    /etc/nscd.conf

    enable-cache        passwd      yes
    enable-cache        group       yes
  3. Edit the /etc/pam.d/sshd and add the pam_oracle_cloud module:

    /etc/pam.d/sshd

    auth sufficient pam_oracle_cloud.so
    #Note: the above has to be added before the following line:
    auth include password-auth
  4. Edit the /etc/ssh/sshd_config to configure sshd to allow the use of Multi-Factor Authentication:

    /etc/ssh/sshd_config

    #Search for the ChallengeResponseAuthentication property and set it to yes
    ChallengeResponseAuthentication  yes
  5. Edit /etc/opc.conf to allow the plugin to interact with Oracle Identity Cloud Service:

    /etc/opc.conf

    #This is a sample format for the opc.conf file; replace the values with the correct information for your environment.
    #Enter the Oracle Identity Cloud Service tenancy base url.
    base_url = https://identity-cloud-service-instance-url
    #There is no need to change value of scope.
    scope = urn:opc:idm:__myscopes__
    #Enter the location of the wallet.
    wallet_location = /etc/opc-wallet
    #Enter the log level, this is optional and the default is 0, which means no log. 0 - None, 1 - Error, 2 - Info, 3 - Debug.
    log_level = 0
    #Enter the log file path, this is optional and defaults to /var/log/opc/pam_nss.log
    log_file_path = /var/log/opc/pam_nss.log
    #Enter the value for proxy usage to connect to Oracle Identity Cloud Service. Set the value to 1 to use a proxy and 0 to not use a proxy.
    use_proxy=1
    #Enter the information below if use_proxy=1
    #Enter the proxy url
    proxy_url=http://proxy.example.com
    #Enter the proxy port
    proxy_port=80
    #Enter the username to connect to the proxy url.
    proxy_username=username_example
    #Enter the password for the proxy username.
    proxy_pwd=pwd_example
  6. Update the PAM configuration, then restart sshd and nscd:
    • authconfig --enablemkhomedir --enablepamaccess --update
    • service sshd restart
    • service nscd restart
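After completing the steps above, a quick way to confirm the edits took effect is to check the three rules the procedure depends on: oracle_cloud is listed for both passwd and group in nsswitch.conf, the pam_oracle_cloud.so line precedes "auth include password-auth" in the sshd PAM file, and opc.conf carries the required keys with an https base_url. The script below is an added verification helper, not Oracle's code; each check takes a file path, and the sample files it writes are constructed here so it runs stand-alone (point the checks at the real /etc paths on a configured host).

```shell
#!/bin/sh
# Added verification helper (not Oracle's code). Each function returns 0 when
# the rule from the procedure holds for the file passed as $1, 1 otherwise.

# 0 if an "auth sufficient pam_oracle_cloud.so" line appears before
# "auth include password-auth" (step 3), 1 if either is missing or reversed.
check_pam_order() {
    oc=$(grep -En '^auth[[:space:]]+sufficient[[:space:]]+pam_oracle_cloud\.so' "$1" | head -n1 | cut -d: -f1)
    inc=$(grep -En '^auth[[:space:]]+include[[:space:]]+password-auth' "$1" | head -n1 | cut -d: -f1)
    [ -n "$oc" ] && [ -n "$inc" ] && [ "$oc" -lt "$inc" ]
}

# 0 if both the passwd and group databases list the oracle_cloud source (step 1).
check_nsswitch() {
    grep -Eq '^passwd:.*[[:space:]]oracle_cloud([[:space:]]|$)' "$1" &&
    grep -Eq '^group:.*[[:space:]]oracle_cloud([[:space:]]|$)' "$1"
}

# 0 if base_url, scope and wallet_location are all set and base_url is https (step 5).
check_opc_conf() {
    for key in base_url scope wallet_location; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$1" || return 1
    done
    grep -Eq '^[[:space:]]*base_url[[:space:]]*=[[:space:]]*https://' "$1"
}

# Constructed sample files: one sshd PAM file in the documented order, one
# reversed, plus a good and a defective opc.conf.
tmp=$(mktemp -d)
printf 'auth sufficient pam_oracle_cloud.so\nauth include password-auth\n' > "$tmp/sshd.good"
printf 'auth include password-auth\nauth sufficient pam_oracle_cloud.so\n' > "$tmp/sshd.bad"
printf 'passwd:     files oracle_cloud\ngroup:      files oracle_cloud\n' > "$tmp/nsswitch.conf"
printf 'base_url = https://identity-cloud-service-instance-url\nscope = urn:opc:idm:__myscopes__\nwallet_location = /etc/opc-wallet\nlog_level = 0\n' > "$tmp/opc.conf"
printf 'base_url = http://identity-cloud-service-instance-url\nscope = urn:opc:idm:__myscopes__\n' > "$tmp/opc.bad"

for f in "$tmp/sshd.good" "$tmp/sshd.bad"; do
    if check_pam_order "$f"; then echo "$f: PAM order OK"
    else echo "$f: pam_oracle_cloud.so must precede 'auth include password-auth'"; fi
done
check_nsswitch "$tmp/nsswitch.conf" && echo "nsswitch.conf: oracle_cloud present for passwd and group"
check_opc_conf "$tmp/opc.conf" && echo "opc.conf: required keys present, base_url is https"
check_opc_conf "$tmp/opc.bad" || echo "opc.bad: missing wallet_location or non-https base_url"
```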