Pluggable Authentication Modules

A description of how to implement Pluggable Authentication Modules (PAM) on Unix-like operating systems.

PAM lets you change the authentication technique (for example, from password to retina scan) by changing a configuration file, rather than recompiling the program that performs the authentication (for example, Sybase CEP Server). Before setting up PAM, make sure that you have set up access restrictions for Sybase CEP Engine. See "Setting Up Access Restrictions" for more information.

To use PAM, you need to update your c8-server.conf file as explained in "Creating and Configuring Authentication Plugins" and in this section. You also need to perform other steps, which are described in the Sybase CEP Integration Guide.

The default c8-server.conf file included with your Sybase CEP Engine contains a commented-out section with PAM-related configuration parameters:

<!-- Sample PAM authentication plugin configuration -->
<section name="Plugin">
<preference name="LibraryName" value="c8_server_plugins_lib"/>
<preference name="InitializeFunction" value="c8_auth_plugin_pam_initialize"/>
<preference name="AuthenticateFunction" value="c8_auth_plugin_pam_authenticate"/>
<preference name="ShutdownFunction" value="c8_auth_plugin_pam_shutdown"/>
<!--
  Uncomment the following line and change 'value' to 
  set the password prompt that PAM sends to applications.  
  The default prompt is "Password: ". (Note the required 
  space at the end.)  You should only need to do this if 
  you encounter a system that does not use the default 
  and, as a result, is failing authentication.
 -->
 <!-- <preference name="PasswordPrompt" value="Password: "/> -->
</section>

Since Sybase CEP Engine includes the C8 PAM library, the names of the library and the functions in it are already included in the example entry. If you are using the C8 PAM library, you can simply remove the comment marks for the section, and do not need to change the configuration preferences.
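
The following check is an added example, not part of the Sybase documentation or product. It parses a c8-server.conf and reports whether the PAM Plugin section is still commented out, whether its preferences match the values shown above, and whether PasswordPrompt lost the required trailing space. The function names and the `<config>` root element of the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

EXPECTED = {  # values taken from the sample section on this page
    "LibraryName": "c8_server_plugins_lib",
    "InitializeFunction": "c8_auth_plugin_pam_initialize",
    "AuthenticateFunction": "c8_auth_plugin_pam_authenticate",
    "ShutdownFunction": "c8_auth_plugin_pam_shutdown",
}
DEFAULT_PROMPT = "Password: "  # the trailing space is required


def audit_pam_plugin(conf_text):
    """Return a list of findings; an empty list means the section looks right."""
    root = ET.fromstring(conf_text)  # the parser drops XML comments
    active = []
    for section in root.iter("section"):
        prefs = {p.get("name"): p.get("value") for p in section.iter("preference")}
        # The PAM section is a Plugin section that names any C8 PAM function.
        is_pam = any(prefs.get(k) == v for k, v in EXPECTED.items() if k != "LibraryName")
        if section.get("name") == "Plugin" and is_pam:
            active.append(prefs)
    if not active:
        return ["no active PAM Plugin section (still commented out?)"]
    findings = []
    for prefs in active:
        for key, want in EXPECTED.items():
            if prefs.get(key) != want:
                findings.append(f"{key} is {prefs.get(key)!r}, expected {want!r}")
        prompt = prefs.get("PasswordPrompt")
        if prompt not in (None, DEFAULT_PROMPT) and prompt.strip() == DEFAULT_PROMPT.strip():
            findings.append(f"PasswordPrompt {prompt!r} differs from the default only in whitespace")
    return findings


def sample_conf(prompt=None, commented=False):
    """Build a constructed config; the <config> root element is an assumption."""
    body = '<section name="Plugin">\n'
    body += "".join(f'<preference name="{k}" value="{v}"/>\n' for k, v in EXPECTED.items())
    if prompt is not None:
        body += f'<preference name="PasswordPrompt" value="{prompt}"/>\n'
    body += "</section>\n"
    if commented:
        body = f"<!--\n{body}-->\n"
    return f"<config>\n{body}</config>"


if __name__ == "__main__":
    for conf in (sample_conf(commented=True), sample_conf(prompt="Password:"), sample_conf()):
        print(audit_pam_plugin(conf))
```

A custom prompt that differs from the default in more than whitespace is not flagged, because the right value for it depends on what PAM sends on that system.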