Configuring a Pluggable Authentication Module (PAM) for UNIX

Set up SAP Control Center to support username and password login using accounts on the UNIX operating system.

  1. Using a login account with root privileges, configure the pluggable authentication module for your platform:
    Platform Action
    Solaris Append the contents of the <SCC-install-dir>/utility/<sunos>/pam.conf file (provided with SAP Control Center) to the /etc/pam.conf file on your Solaris platform.
    Linux Copy the <SCC-install-dir>/utility/<linux>/sybase-csi file (provided with SAP Control Center) to the /etc/pam.d directory on your Linux platform.
    Note: The sybase-csi file provided with SAP Control Center is not compatible with the most recent SUSE and Red Hat Linux versions. See the examples at the end of this topic for details.
    Note: In the table above, the portion of the path that indicates the operating system might differ slightly from what is shown.
  2. If the host UNIX system is not using a directory lookup for authentication (yp or NIS, for example) and authentication is carried out against the local /etc/passwd file, change the permissions on /etc/shadow to provide read access to the login account that executes SCC.
  3. (Skip if you configured a PAM before starting SAP Control Center) Restart SAP Control Center.
  4. (Optional) Change account creation options.
    1. Log in to SAP Control Center using an account with administrative privileges (sccAdminRole).
    2. Select Application > Administration > Security.
    3. Click to select or deselect the box labeled Automatically add SCC login records for authenticated logins. (By default, this option is enabled for SCC 3.2.6 and later.)
    4. Click to select or deselect the box labeled Automatically grant sccUserRole to newly created logins. (By default, this option is enabled for SCC 3.2.6 and later.)
    5. Click OK to close the Security dialog.

Examples: PAMs for SUSE Linux 11, Red Hat Enterprise Linux 6.0

For SUSE 11 and later, do not use the sybase-csi file provided with SAP Control Center. Instead, in your /etc/pam.d directory, create a sybase-csi file that contains:
# sybase-csi PAM Configuration (SUSE style)
auth       include      common-auth
account    include      common-account
password   include      common-password
session    include      common-session
For Red Hat 6.0 and later, do not use the sybase-csi file provided with SAP Control Center. Instead, in your /etc/pam.d directory, create a sybase-csi file that contains:
# sybase-csi PAM Configuration (Red Hat style)
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
Next
There are two next steps:
Related tasks
Mapping SAP Control Center Roles to LDAP or OS Groups
Adding a Login Account to the System