Summary

The BoKS PAM modules enable you to integrate external PAM-compatible applications with BoKS.

This article explains the steps needed to achieve this.

Note: This article is provided as an example of how to integrate applications using PAM. However, as the PAM interface is not a defined standard and implementations vary from application to application, Fox Technologies cannot guarantee that integration will function or support integration with third-party applications via PAM.

Procedure

In this example, the application is called Appx. It is a terminal application that does not provide information about the remote host, so BoKS can be used to control the destination host for access and the authentication required.

The steps needed are as follows:

  1. Tell PAM to call functions from the pam_boks.so.1 library. This requires customizing the PAM configuration for the application.
    The PAM configuration is platform-dependent. For Linux, symlinks to the original PAM configuration files have been created in $BOKS_etc/pam.d/ (except for the BoKS supported services, where patched versions of these files are created in that directory). The patched config files can be used as a reference for how to change the config file for the application you are integrating.
    You can find more information about how pam_boks.so.1 works in the man page pam_boks.so.
    The PAM configuration needs to be in place locally on all the BoKS Server Agents where you want to use the application.
    Note, however, that activating and deactivating BoKS (sysreplace) can overwrite any customizations you make to this file, so keep a backup of your changes so that you can restore them if this happens.

  2. Tell pam_boks.so.1 what method to use for Appx. This is configured in the $BOKS_etc/bokspam.conf file.
    There is sample code in this file, and the bokspam.conf man page can be consulted for reference information.
    For example, the following could be used as a definition for Appx:

    # bdebug pam -x9 -f /var/tmp/pam.'$$'

    This will create debug traces from all BoKS “pamified” services (including e.g. SU).
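
The backup advice in step 1 can be turned into a repeatable check that also flags a PAM file that no longer calls pam_boks. The following shell script is an added example, not code from BoKS or Fox Technologies; the service name appx, the backup paths, the helper names and the sample PAM line are assumptions, and the real stack should be taken from the patched files in $BOKS_etc/pam.d/.

```shell
#!/bin/sh
# Added example (not BoKS code). Service name "appx", all paths and the
# sample PAM line are assumptions; take real stacks from $BOKS_etc/pam.d/.

digest() { sha256sum "$1" | awk '{print $1}'; }

# pam_backup FILE DIR: keep a copy of FILE and its SHA-256 in DIR.
pam_backup() {
    mkdir -p "$2" && chmod 700 "$2" || return 1
    cp -p "$1" "$2/$(basename "$1").bak" || return 1
    digest "$1" > "$2/$(basename "$1").sha256"
}

# pam_check FILE DIR: print ok, changed or module-missing.
pam_check() {
    # A stack with no active (uncommented) pam_boks line bypasses BoKS.
    if ! grep -Eq '^[[:space:]]*[^#[:space:]].*pam_boks\.so' "$1"; then
        echo module-missing; return 2
    fi
    # Any other difference from the saved copy is reported as drift.
    if [ "$(digest "$1")" != "$(cat "$2/$(basename "$1").sha256")" ]; then
        echo changed; return 1
    fi
    echo ok
}

# pam_restore FILE DIR: put the saved copy back, then re-verify it.
pam_restore() {
    cp -p "$2/$(basename "$1").bak" "$1" && pam_check "$1" "$2"
}

# demo: constructed sample, run in a scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    printf 'auth required pam_boks.so.1\n' > "$work/appx"  # constructed line
    pam_backup "$work/appx" "$work/backup"
    pam_check "$work/appx" "$work/backup"                  # ok
    printf 'auth required pam_unix.so\n' > "$work/appx"    # simulated overwrite
    pam_check "$work/appx" "$work/backup"                  # module-missing
    pam_restore "$work/appx" "$work/backup"                # ok
    rm -rf "$work"
}

# Run the constructed demo only when asked: sh script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Running pam_check after every BoKS activation or deactivation, on each Server Agent where the application is used, shows whether the customization survived.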



Last Modified On: May 25, 2018